16. Identify how specific malicious software attacks are made more effective due to human factors (A

Curiosity and impulsivity
People often click on links without verifying who the message is from or checking whether the link looks right, e.g. www.postofice.co.uk instead of the correct www.postoffice.co.uk. Hackers send messages that sound urgent and rely on good human nature to make people act quickly. Example: a worm-like cryptominer can spread through a fake email that appears to be from a friend saying, "I'm stuck abroad, please send me money through this link ASAP". Clicking the link downloads the cryptominer.

Passwords
Many people still use very weak passwords. Everyone should check the list of the 100,000 most used passwords to see whether their password is on it and, if so, change it immediately. Even worse is reusing the same password across multiple services. Attackers use malware such as keyloggers or brute-force Trojans to steal and exploit weak credentials.

Updates
A lack of software updates is a paradise for hackers. People aren't aware that many updates are security updates, so they delay or ignore them for months or even years. This leaves known vulnerabilities unpatched. The most notable example is the WannaCry ransomware attack. Windows had already released a patch for a big security flaw, but thousands of organisations had failed to update their systems, which caused great financial loss across the globe.

Over-trusting online content
People often download software without checking its source and credibility. Attackers can disguise malware as free games, cracked software or useful tools, making it desirable for the future victim to download. A good example is the Flubot Trojan, which was spread through fake text messages pretending to be package tracking links. Users installed what they thought was a delivery app, but instead it stole passwords and banking details.

Workplace Mistakes
In professional settings, human error can look like this: employees might plug in an infected USB drive, fall for a phishing email or ignore cybersecurity policies, allowing attackers to breach the company. Mistakes like these can be very costly. For example, a hacker can trick someone in the finance department into downloading a Trojan disguised as an invoice. The Trojan then installs ransomware that locks all company files, forcing the business to pay a large sum of money in cryptocurrency.
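The look-alike address mentioned under "Curiosity and impulsivity" (www.postofice.co.uk versus www.postoffice.co.uk) is something a mail filter or link checker can catch automatically, without relying on the reader's eye. The following is an added example, not part of the original notes: the allowlist, function names and distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; a real filter would load its own.
TRUSTED_DOMAINS = {"postoffice.co.uk"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a character
                           cur[j - 1] + 1,             # add a character
                           prev[j - 1] + (ca != cb)))  # change a character
        prev = cur
    return prev[-1]

def hostname_of(link: str) -> str:
    """Lower-cased host of a link (scheme optional), without a leading 'www.'."""
    if "//" not in link:
        link = "//" + link  # lets urlsplit treat a bare 'www.site/path' as a host
    host = (urlsplit(link).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify_link(link: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = hostname_of(link)
    # Exact match or a genuine subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    for domain in sorted(trusted):
        # A few characters away from a trusted name: likely a misspelt copy.
        if edit_distance(host, domain) <= max_distance:
            return f"lookalike of {domain}"
        # Trusted name used only as the front part of another domain.
        if host.startswith(domain + "."):
            return f"lookalike of {domain}"
    return "unknown"

if __name__ == "__main__":
    for sample in ("www.postoffice.co.uk", "www.postofice.co.uk", "example.org"):
        print(sample, "->", classify_link(sample))
```

Edit distance catches dropped, added or changed letters; look-alike Unicode characters need a separate check.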
