ELI5: What are Human Vectors?
Instead of breaking through a computer’s defenses, bad guys trick the person using the computer. People are the “unlocked door” because they can be fooled by lies, fake stories, and urgency.
Definition
Human vectors are attack pathways that exploit human behavior, psychology, and trust rather than technical vulnerabilities. Social engineering is the primary technique: attackers manipulate people into divulging information, performing actions, or bypassing security controls. Human vectors are highly effective because they bypass technical defenses entirely and exploit inherent human tendencies: trust, helpfulness, deference to authority, and the impulse to act quickly under urgency.
Key Details
- Human vectors exploit psychological principles: authority, urgency, scarcity, social proof, reciprocity, and liking.
- Examples: phishing emails, vishing (phone), smishing (SMS), pretexting, tailgating, baiting.
- Often the easiest initial access vector for attackers—even heavily fortified networks can be compromised through a single deceived employee.
- Counter-measures: security awareness training, phishing simulation, clear verification procedures, zero-trust access policies.
- No amount of technical security fully eliminates human-factor risk; defense must include training and culture.
Connections
- Parent: attack-vectors — the human category of attack vectors
- See also: attack-surface-management