Trusting individuals: companies will learn how to identify employees vulnerable to scams
HR departments of companies and enterprises will now be able to identify in advance the people most susceptible to attacks by cybercriminals. To do this, specialists will analyze employees' activity in corporate systems and adapt information security training programs to their behavior patterns. A classification of social-engineering attacks developed by Russian scientists should help businesses and government agencies move from reacting to hackers after the fact to preventing leaks. How effective this can be, and which scenarios scammers are using today, is the subject of this Izvestia article.
Threat attacks, reward attacks, and honey traps
To improve the protection of citizens and organizations from digital fraud, scientists from RANEPA and the St. Petersburg Federal Research Center of the Russian Academy of Sciences have developed a new approach to systematizing social-engineering attacks.
"Most crimes are based on methods of social-engineering influence on people," explains Artur Azarov, co-author of the study and Vice-Rector for Science at the Presidential Academy. "Thanks to the use of manipulative techniques, a real performance unfolds in front of the victim, complete with the presentation of forged documents and constant involvement in negotiations with various supposed officials. If certain scenarios succeed, people lose significant financial resources and incur reputational costs."
There are different approaches to protecting users from social-engineering attacks, but implementing them effectively requires an analysis of the situation, the study emphasizes. The key drawback of existing systems is the inconsistency of the descriptions of the attacks themselves. For the first time, the authors of the classification have linked all types of fraud to a single procedural chain.
The first stage is information gathering: here a false but plausible scenario is constructed (a lottery win, an account being blocked, a required medical examination). Whether this phase is present determines whether the attack is mass or targeted, that is, aimed at a specific person.
The second stage is establishing contact. The researchers analyzed seven main channels, including phishing via messengers, fake profiles on social networks and dating sites, and fake web resources. Special attention is paid to three ways of initiating contact: from an unknown sender, from a known organization, or from a trusted person.
The third stage is exploiting the relationship. The manipulations used are divided into reward attacks, which promise a benefit, and threat attacks, which rely on blackmail, account blocking or data leakage. A vivid example is the "honey trap", in which a fraudster creates an attractive persona to lure money out of the victim.
The final stage is execution. The attack culminates in an action by the victim: disclosing confidential data, clicking a malicious link, installing malware, or logging in to a fake resource.
"The classification allows us to present attack trajectories and implement targeted prevention measures at each stage," said Tatiana Tulupyeva, co-author of the work, advisor to the Vice-Rector for Science of the Academy and a leading researcher at the St. Petersburg Institute of Physics and Technology of the Russian Academy of Sciences. "An important preventive point is disseminating information about the many types of attacks to a wide audience, so that any user can recognize the influence that intruders are trying to exert on them."
Save billions
For businesses and government agencies, this means moving from reactive measures to predictive analytics. For example, HR departments will be able to identify employees who are highly susceptible to threat attacks by analyzing their activity in corporate systems and adapting cyber-hygiene training programs accordingly.
Information security teams will be able to build monitoring systems on this solution, HR departments will be able to create training courses, and government agencies will be able to apply the analysis when shaping digital literacy programs.
According to Maxim Abramov, co-author of the study and head of the Laboratory of Applied Artificial Intelligence at the St. Petersburg Institute of Physics and Technology of the Russian Academy of Sciences, the proposed development will reduce the success rate of attacks by 15-20% in the medium term.
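As an added illustration, not code from the article or from the researchers' classification, the following Python script shows one simple way an HR or security team could turn the results of its own phishing simulations into per-employee susceptibility profiles broken down by manipulation type. The log format, the two lure classes ("threat" and "reward", mirroring the article's threat and reward attacks), the outcome weights, the minimum-sample rule and the 0.4 threshold are all assumptions chosen for this example; the sample log is constructed. The minimum-sample rule is there because a single click says little about a person, which is the false-positive problem the article raises later.

```python
"""Per-employee susceptibility profiles from phishing-simulation logs.

Added illustration; not the researchers' model. Field names, lure classes,
weights and thresholds are assumptions chosen for this example.
"""
from collections import defaultdict

# Constructed sample log: one record per simulated message sent to an employee.
# "lure" is the manipulation type of the simulated message ("threat" or "reward"),
# "outcome" is what the employee did with it.
SAMPLE_EVENTS = [
    {"user": "alice", "lure": "threat", "outcome": "reported"},
    {"user": "alice", "lure": "threat", "outcome": "reported"},
    {"user": "alice", "lure": "threat", "outcome": "clicked"},
    {"user": "alice", "lure": "reward", "outcome": "reported"},
    {"user": "alice", "lure": "reward", "outcome": "ignored"},
    {"user": "alice", "lure": "reward", "outcome": "reported"},
    {"user": "bob", "lure": "threat", "outcome": "clicked"},
    {"user": "bob", "lure": "threat", "outcome": "credentials"},
    {"user": "bob", "lure": "threat", "outcome": "clicked"},
    {"user": "bob", "lure": "reward", "outcome": "reported"},
    {"user": "bob", "lure": "reward", "outcome": "reported"},
    {"user": "bob", "lure": "reward", "outcome": "reported"},
    {"user": "carol", "lure": "reward", "outcome": "credentials"},
    {"user": "carol", "lure": "reward", "outcome": "clicked"},
    {"user": "carol", "lure": "reward", "outcome": "clicked"},
    {"user": "carol", "lure": "threat", "outcome": "reported"},
    {"user": "carol", "lure": "threat", "outcome": "ignored"},
    {"user": "carol", "lure": "threat", "outcome": "reported"},
    {"user": "dave", "lure": "threat", "outcome": "clicked"},
]

# How far each outcome progressed along the attack chain (assumed weights):
# reporting or ignoring the message stops the attack, a click completes the
# "contact" stage, entering credentials completes the "execution" stage.
OUTCOME_WEIGHT = {"reported": 0.0, "ignored": 0.0, "clicked": 0.5, "credentials": 1.0}

MIN_EVENTS = 3        # fewer samples than this: do not label, too easy to mislabel
RISK_THRESHOLD = 0.4  # mean weight at or above this marks a lure type as a weak spot


def score_employees(events, min_events=MIN_EVENTS):
    """Return {user: {lure: {"events", "score", "reliable"}}}.

    score is the mean outcome weight for that user and lure type;
    reliable is False until at least min_events samples exist.
    """
    weights = defaultdict(lambda: defaultdict(list))
    for event in events:
        weights[event["user"]][event["lure"]].append(OUTCOME_WEIGHT[event["outcome"]])
    profiles = {}
    for user, per_lure in weights.items():
        profiles[user] = {
            lure: {
                "events": len(ws),
                "score": round(sum(ws) / len(ws), 2),
                "reliable": len(ws) >= min_events,
            }
            for lure, ws in per_lure.items()
        }
    return profiles


def recommend_training(profiles, threshold=RISK_THRESHOLD):
    """Map each user to the lure types they need targeted training on.

    A user whose only evidence is below the sample minimum gets the marker
    "insufficient-data" instead of a label, so the report does not flag
    someone on the strength of a single click.
    """
    recommendations = {}
    for user, per_lure in profiles.items():
        weak_spots = sorted(
            lure for lure, stats in per_lure.items()
            if stats["reliable"] and stats["score"] >= threshold
        )
        if weak_spots:
            recommendations[user] = weak_spots
        elif any(not stats["reliable"] for stats in per_lure.values()):
            recommendations[user] = ["insufficient-data"]
        else:
            recommendations[user] = []
    return recommendations


if __name__ == "__main__":
    profiles = score_employees(SAMPLE_EVENTS)
    for user, tracks in recommend_training(profiles).items():
        print(user, profiles[user], "->", tracks or ["no action"])
```

With the constructed log, bob is routed to threat-attack training, carol to reward-attack training, alice gets no action, and dave is held back as "insufficient-data" rather than being labelled after one click. In a real deployment the weights and thresholds would have to be calibrated against the organization's own history before the output is acted on.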
"For the economy, this means saving billions of rubles," he stressed.
The classification can already explain new fraud schemes, the researchers note. One example is the recent wave of attacks, which Izvestia has reported on, in which the victim received a message about "a login to your Public Services personal account from a new device" with a request to call back the number provided. Posing as a support service, the attackers extracted the real credentials used to access the accounts.
A meaningful classification of attack types that takes into account the psychological characteristics of people's reactions also makes it possible to audit the available countermeasures, says Sergey Mishurov, Doctor of Economics and Professor at the Department of Engineering Cybernetics at NUST MISIS.
"These tools help to repel attacks both at the level of information systems and at the level of user devices," the expert said. "NUST MISIS also regularly develops methods of countering cybercriminals based on real business needs. For example, our students have developed a lightweight algorithm for smartphones that recognizes deepfakes. The team, together with experts, is now improving it."
The work is of interest because protection against any type of attack in modern IT infrastructure is no longer considered a trivial task, added Ilya Livshits, Professor and Associate Professor at the Faculty of Information Technology Security at ITMO University. According to him, practically all modern information security standards take into account the full range of requirements for identifying employees who are potentially prone to destructive actions.
"Many companies conduct profiling based on their own risk models to form a talent pool," the expert said.
Who trusts scammers
Most companies act reactively: they run training after an incident or buy technologies that block already known threats, said Kristina Burenkova, head of Digital Threat Analysis and Assessment at Infosecurity (Softline Group).
"The proposed approach makes it possible to introduce predictive risk analytics," she said. "Put simply, a business gets the opportunity not to wait for an employee to click on a phishing link, but to assess in advance how inclined they are to do so. This radically changes the approach to managing the human factor, which is the main link in security."
Alexey Kozlov, a leading analyst at the information security monitoring department of Spikatel, believes the new tool can be useful: companies have long been looking for ways to quantify human-factor risk, because it remains one of the main attack vectors.
"If such models can really take into account both behavioral patterns and context, this will give HR and information security teams a chance to work with vulnerable employees in advance, rather than just responding to incidents," he said. "At the same time, identifying a tendency to trust scammers is an extremely difficult task. Such models need a lot of time to be trained within a specific organization in order to reduce the number of false positives and more accurately distinguish real risks from normal work behavior."
In cyberattacks, attackers actively rely on the human factor, so it is extremely important to take this into account when building protection for organizations, said Tatiana Shishkova, a leading expert at Kaspersky GReAT.
"Even the most attentive and careful users run the risk at one time or another of falling for attackers' tricks, for example because of fatigue, haste, or a new plausible cover story from the intruders," the expert noted.
Those most at risk are people with poorly developed basic critical thinking skills or people under emotional stress, added psychologist Maria Todorova. In a stressful situation, for example a call "from the bank" with a message that the account has been blocked, a person goes into panic mode and stops checking whether the information is accurate.
"It is possible to identify such people both at the level of corporate prevention and in mass educational campaigns," she explained. "It is useful for businesses and government agencies to take into account the personal characteristics of employees: who is more likely to give in to pressure, who responds more readily to promises of benefits. For civil society, it is important to develop people's ability to recognize manipulation starting from adolescence."
It is the combination of technical protection and psychological prevention that can reduce the effectiveness of attacks, experts say.
In recent years, crime involving computer and Internet technologies has been growing rapidly: since 2018, the number of such crimes has increased more than sevenfold, and their share will rise from 15% to 40%, Alexander Bastrykin, head of the Investigative Committee, said in February 2025 at the international scientific and practical conference "Criminal Law Support for the Information Security of Mankind".
"In 2024, 765.4 thousand of them were registered, which is 13.1% more than in 2023, including grave and especially grave offences, which rose by 7.8%," the head of the agency said.
The damage caused to citizens by fraudsters from January to August 2025 amounted to 134 billion rubles, Danil Filippov, deputy head of the Investigative Department of the Russian Interior Ministry, said at the XXII International Banking Forum in late September 2025. This is up from the same period of the previous year, when the damage amounted to 116 billion rubles.
Translated by the Yandex Translate service.