Reflection No. 1: The Cognitive Psychology Essentials for Cybersecurity Topic of Attention
(Written in the Spring semester of 2022)
The Cognitive Psychology Essentials for Cybersecurity course lecture on attention helped generate some scenarios in my mind on how security failures could be created that take advantage of the pitfalls of selective attention. This looks at how multiple pieces of information on a computer interface are competing for the user’s attention, but the user decides to attend to only one of those pieces of information while simultaneously suppressing other irrelevant ones. A potential scenario that comes to mind that could be portrayed as a security failure revolves around phishing attempts created around the presentation of open-source software.
A novice investor could go to open-source software on the internet to receive tips on how to become a savvy investor to achieve financial gains. People who use open-source software are those who don’t want to pay more money for a service if they can avoid it, and selective attention can play a part in looking for these. Open-source software is not always well-designed and may present security vulnerabilities. An individual in cyberspace could obtain a user’s email and IP address through a user signing up for a newsletter on investing tips and track the user’s internet activity. This individual could track which website the user goes to for banking and send a phishing email that preys on the investor’s desire to take risks to achieve financial gains. By sending an email that pretends to be from the investor’s banking institution, a ruse can be created about how there’s a great investing opportunity offered through that bank, with a link to a login page. This is where the pitfall of selective attention comes into play. The investment opportunity appears attractive, with a link to a login page to seize this opportunity that looks almost exactly like the user’s bank login page, while the user ignores other small details about the email or the URL address of the login page that give it away as being fake. Before the user knows it, the user’s log-in and personal information are stolen after logging in.