Understanding Cybercrime Modus Operandi: Techniques, Psychological Tricks, and Countermeasures

Cyber professionals and general users are still challenged on how to secure cyberspace and their related activities. The primary challenge remained difficulty in identifying the perpetrators of cybercrimes due to the anonymous nature of the internet and the use of sophisticated and stealthy techniques by attackers to hide their identities. The emergence of advanced crime in cyberspace such as Advanced Persistent Threats (APTs) unlike traditional cyberattacks, APTs are characterized by the use of stealthy tactics, including advanced evasion techniques and zero-day vulnerabilities, making them challenging to detect using conventional security measures. Therefore, this study aimed to explore the techniques, psychological tricks, technical tricks, and countermeasures using the two models of cyberattacking: cyber kill chain and cyberattacking process phase’s models. The study applied the Systematic Literature Review (SLR) and Autoethnography methods. The sample of 305 sent (replied) emails from the Yahoo account of the Author from 2012 to 2024. The OSINT techniques are used to verify the empirical validity of the 10 spammed message contents. The study found that in traditional phishing, the attack uses a combination of tricks such as false identity and financial lures, emotional manipulation and trust through divinity and love psychological tricks, involvement of the trusted figure usually the religious leaders, direct solicitation of personal information, urgency and action. In general, we conclude that phishers usually a combination of blended psychological and technical tricks to manipulate the recipient into providing personal information and facilitating the scam. Notably, phishing attacks start with psychological tricks to induce or deceive the target to accept the technical tricks such as clicking the link or downloading. Therefore, we recommend that cyber professionals and general users engage in cognitive training to raise cybersecurity awareness