• Don't Hold Down The Ctrl Key: New Warning As Cyber Attacks Confirmed
    www.forbes.com
    Two-step phishing attacks aren't going away.
    Update, Nov. 19, 2024: This story, originally published Nov. 17, now includes new reports of other tactics that are increasingly being used by threat actors in phishing cyber attacks.
    Just as security professionals will tell you that layered defensive strategies are the best when it comes to staving off successful attacks, so attackers will often look to precisely the same when executing their cyber attacks. Two-step phishing attacks have, in the words of security researchers from Perception Point, become a cornerstone of modern cybercrime, leveraging trusted platforms to deliver malicious content in layers to evade detection. Everything changes, but everything stays the same. Those same researchers have warned of a new attack methodology employing such 2SP tactics but involving Microsoft Visio files as a new evasion tactic. Here's what you need to look out for and what steps you can take to mitigate the risk of falling victim to these new 2SP cyber attacks, and why you shouldn't hold down the Ctrl key when asked.
    Two-Step Cyber Attacks Are The Pinnacle Of Phishing By Design
    A new analysis published by Peleg Cabra, the product marketing manager at Perception Point, has revealed how security researcher Ariel Davidpur uncovered the use of Microsoft Visio .vsdx format files to evade detection during credential stealing cyber attacks.
    Because Visio is a commonly used tool employed in the workplace to help visualize complex data or workflows, the use of .vsdx format files fits nicely into the threat actor strategy of harmless familiarity being at the heart of many a phishing attack.
    Now, the Perception Point researchers said, the exact same files are being weaponized in the delivery of malicious URLs as part of a two-step phishing attack scenario: drop the lure, set the trap.
    Describing what they referred to as a dramatic increase in two-step phishing attacks leveraging .vsdx files, the security researchers explained how the cyber attacks represented a sophistication of two-step phishing tactics, targeting hundreds of organizations worldwide with a new layer of deception designed to evade detection and exploit user trust.
    Evolution Of The Two-Step Phishing Cyber Attacks
    If such a warning were necessary, here it comes: email account security is vital if cyber attacks such as these latest two-step phishing ones are to be stopped. Why so? Because, the researchers said, they started with threat actors leveraging breached email accounts in order to send emails that pass basic authentication checks as they come from genuine domains.
    These emails will contain a common phishing component designed to lure the recipient into the trap: a business proposal or a purchase order, accompanied by an urgent request to view and respond to. Of course, when the victim does just that, and clicks the URL, they get led to the trap itself: often a compromised Microsoft SharePoint page, but in any case one that is hosting a .vsdx Visio file. The layers of the cyber attack start unraveling at this point, with another URL embedded in that file and behind what the researchers described as a clickable call-to-action, most commonly a view document button.
    Please Hold Down The Ctrl Key Is An Instruction In These Newly Uncovered 2SP Cyber Attacks
    This is where these 2SP cyber attacks get really clever, although I hate applying that word to cybercriminals.
    To access the embedded URL, victims are instructed to hold down the Ctrl key and click, the Perception Point researchers said, a subtle yet highly effective action designed to evade email security scanners and automated detection tools. By asking for this human interaction, the attackers hope to bypass automated systems that don't expect such a behavior in an attack.
    The victim is now redirected to another fake page, this time one that looks for all intents and purposes to be a Microsoft 365 portal login page which is designed, of course, to steal user credentials. There is no mention in the Perception Point report of this step including a session cookie compromise tactic, which means that one way to stop it from being successful would be to have robust two-factor authentication in place for the account that is being targeted in such cyber attacks.
    Scalable Vector Graphics Are Deployed In New Cyber Attacks: Here's How
    According to a new report by Lawrence Abrams, the editor-in-chief at Bleeping Computer, threat actors are increasingly using another clever tactic involving the use of scalable vector graphics as attachments during the deployment of phishing cyber attacks. This technique is designed to either display malicious forms to the victim, or deploy malware directly, both while evading detection by security software. The tactic relies on the fact that unlike pixel-constructed images, scalable vector graphics are created using a mathematical formula that instructs how lines, shapes and text should be displayed on the screen. Security researcher MalwareHunterTeam told Bleeping Computer how threat actors are using the fact that SVG attachments can display HTML and execute JavaScript when the image itself is being loaded. The clever bit is that these are used to create credential-stealing forms.
    Abrams demonstrated how such a technique could display an Excel spreadsheet that comes complete with an embedded login form to send credentials to the threat actor deploying the cyber attacks. It has been noted, however, that other cyber attacks employ JavaScript embedded within the SVG attachments to redirect browsers to sites hosted by the threat actors when opening the image itself.
    Mitigating SVG Attachment Cyber Attacks
    The problem is that since these files are mostly just textual representations of images, Abrams said, they tend not to be detected by security software that often. This means that the last line of defense is the same as the first: you, the human being. Ask yourself why you would be getting an attachment in scalable vector graphics format in the first place, if these are not commonplace within your workflow. If you are a developer or someone else who is used to seeing SVG attachments, then ask yourself who is sending them and whether this is normal behavior for them. Treat all emails that come with an SVG attachment as suspicious, and that way, you might just save yourself and your organization from falling victim to these phishing cyber attacks.
    Tackling Cyber Attacks During International Fraud Week 2024
    International Fraud Week is taking place this year between Nov. 17 and 23, with the aim to promote anti-fraud awareness and education globally. There is no doubt that technology provides both a powerful weapon and equally has the potential to mitigate fraud which is often the ultimate payload of many cyber attacks. With that in mind, what better time to examine the new forms of fraud facing businesses from the cyber side of the threat fence.
    The instruction to hold down the Ctrl key when clicking on a link during the two-step phishing attack detailed above is one such example, but there are many more.
    As Muhammad Yahya Patel, lead security engineer at Check Point Software, pointed out, the advancement of technology has empowered both legitimate industries and cybercriminals alike, which makes fraud prevention simultaneously more critical and complex. From cyber fraud and internal fraud to increasingly sophisticated scams like CEO fraud and AI-driven schemes, Patel said, the landscape of business fraud is both diverse and evolving.
    While the trajectory of cyber fraud has undoubtedly evolved alongside advancements in technology (some might even say it has overtaken the technological trend line), understanding what the main fraud categories, the most prevalent cyber attacks, are is essential in being able to defend against their impact.
    Patel suggests the following six categories need to be on your awareness list:
      Cyber Fraud: The use of phishing, malware, and ransomware remains prevalent. Cybercriminals target sensitive data and disrupt business operations.
      Internal Fraud: A significant threat from within, internal fraud involves fraudulent actions by employees, including document falsification, embezzlement, and theft.
      Invoice Fraud: Fraudsters send fake invoices to businesses, hoping they'll be processed without scrutiny.
      CEO Fraud: Often referred to as business email compromise (BEC), fraudsters pose as high-ranking executives to trick employees into transferring funds or sharing sensitive information.
      Return Fraud: Especially common in retail, return fraud occurs when customers exploit return policies for financial gain.
      Payroll Fraud: When employees manipulate payroll systems for personal gain, it can lead to unexpected financial losses.
    A Shift Away From Generic To Targeted Cyber Attacks
    Ransomware is an excellent example of how a threat evolves over time and, as a result, becomes much more dangerous.
    Ransomware started as a totally untargeted type of cyber attack that took a scattergun approach to malware distribution. By sending as many infected emails to as wide an audience as possible, regardless of ability to pay or value of data held, the threat actors hoped enough victims would bite to make it profitable. Almost inevitably, the attackers making the most money were the ones who realized that strategic targeting of those with the most to lose and the biggest bank balances rose to the top. This ended up changing the entire ransomware landscape to one where sophisticated reconnaissance methods, infiltrating systems over extended periods and extracting sensitive data to leverage against individuals or companies in double-extortion schemes became the norm. This heightened level of personalization makes it harder to detect and often more devastating, Patel said, as cyber fraud grows in sophistication, our defenses must evolve accordingly. With AI enhancing the reach and impact of fraud, organisations must adopt security that is equally dynamic, leveraging AI-powered solutions to outpace and outsmart attackers. There can be little arguing that building a resilient defense against cyber attacks not only prevents fraud but, as Patel concludes, fosters a safer, more trusted environment for all.
  • Now Hackers Are Using Snail Mail In Cyber Attacks: Here's How
    www.forbes.com
    Hackers have turned to snail mail as a malware distribution method.
    Update, Nov. 19, 2024: This story, originally published Nov. 18, now includes new advice from security professionals relating to the use of QR codes in cyber attacks.
    In what I can only describe as a first in my decades of real-world experience covering cyber attacks of all shapes and sizes, cyber criminals have turned to decidedly old technology to distribute malware according to this new warning from the Swiss National Cyber Security Centre: snail mail. Yes, you read that right. It appears that good old-fashioned paper letters, posted in envelopes with stamps on them, are being used as the starting point in a bunch of new phishing cyber attacks. Here's what we know.
    Hackers Are Using Printed QR Codes Sent By Snail Mail In Latest Swiss Cyber Attacks
    As first reported by The Register, the Swiss National Cyber Security Center has issued a warning to citizens of Switzerland after cyber attacks employing the physical postal service were uncovered. The letters, posted using what we used to call snail mail in the early days of email, purport to have been sent by MeteoSwiss, the Swiss Federal Office of Meteorology and Climatology. The letters are, of course, fake. However, the QR code that is printed on them, with so-called advice to download a severe weather warning app, is very real indeed. As is the threat posed to anyone who should do so.
    The app itself is designed to look similar to the genuine Alertswiss app that comes from the Swiss Federal Office for Civil Protection. However, rather than alert the user to danger, the app is the danger in and of itself. The QR code, if scanned using the recipient's smartphone, will download malware by the name of Coper, also known as Octo2.
    Once installed, this will attempt to steal sensitive data from apps already loaded on the device, including banking apps, the Swiss NCSC said.
    QR Code Postal Cyber Attacks Look To Exploit Lack Of Ingrained Suspicion
    Delivering QR code letters physically via Switzerland's postal service is an effective way for criminals to catch out unsuspecting victims, Mike Britton, chief information officer at Abnormal Security, said, by pretending to be a trusted source, threat actors are banking on the lack of caution that recipients may have.
    According to Britton, as a relatively new attack vector these kinds of QR code scams simply don't have the kind of ingrained suspicion that people might increasingly apply to other, more traditional, phishing techniques.
    Just as we've seen in the UK with a recent Winter fuel payments scam, attackers are seeing success in imitating trusted sources in a timely manner, Britton warned, unlike on the web where you can use automated solutions to catch out phishing attempts, these attacks will be solely down to the individual to catch out.
    Snail Mail Cyber Attacks Only Target Android Users
    The good news is that these cyber attacks are only targeting people and businesses within Switzerland. The better news, for Swiss iPhone users at least, is that they are also only targeting Android smartphone users.
    The Swiss NCSC advised that anyone who has received such a letter from these new cyber attacks and already downloaded the app should reset their device to factory settings to remove all trace of it.
    I can only assume that, if these cyber attacks have been successful enough, other threat actors in other countries will try to repeat them. In which case, the advice to ignore such letters and only download apps from official app stores applies to everyone reading this.
  • Elon Musk's xAI Raises $6 Billion Funding to Purchase 100,000 Nvidia Chips
    techreport.com
    Key Takeaways
      As per inside sources, Elon Musk's AI company xAI has managed to secure $6 billion in funding.
      The bigger chunk of the funding, $5 billion, comes from Middle Eastern sovereign funds whereas the rest of the $1 billion came from other investors.
      This money will be used to purchase 100,000 Nvidia chips that will power the upcoming line of Tesla's Full self-driving cars.
    Elon Musk's AI company xAI has managed to raise $6 billion in funding. This round of funding will increase the valuation of the company to $50 billion, more than doubling the valuation of $24 billion in its last round of funding in May.
    As per inside sources, the funding is coming in two parts. $5 billion will be coming from sovereign funds from the Middle East and the remaining $1 billion will be coming from other investors.
    Some of these investors are new and the rest are simply renewing their funding. All the deals are expected to close by next week.
    As per sources close to the company, this money will be used to purchase 100,000 Nvidia chips. These chips will power the new Memphis supercomputer which in turn will power Tesla's upcoming line of Full Self Driving cars.
    The Trajectory of xAI's Journey
    xAI was launched in July 2023 and in just a little over a year, it has made significant progress.
    It started with the release of an AI-powered chatbot called GrokAI to compete with leading industry players such as ChatGPT and Gemini. After its success, two newer versions, Grok AI 2 and GrokAI Mini, were also released shortly after, with the added feature of image generation.
    Up until now, GrokAI has only been available to paid users. However, as per recent reports, the company is also testing a free version that will be available to all users.
    And now comes the biggest news: the xAI Colossus, the world's largest AI supercomputer, received approval from the Tennessee Valley Authority in early November.
    It will now get 150 MW of power from the state's grid (previously it was only getting 8 MW), allowing it to train GrokAI's family of large language models for efficiency.
    Such a huge power demand has naturally raised concerns from local activists. However, experts estimated that it actually requires at least 155 MW to run the 100,000 GPUs that are powering the system. So Musk's demand for 150 is actually quite conservative.
    Krishi is an eager Tech Journalist and content writer for both B2B and B2C, with a focus on making the process of purchasing software easier for businesses and enhancing their online presence and SEO.
    Krishi has a special skill set in writing about technology news, creating educational content on customer relationship management (CRM) software, and recommending project management tools that can help small businesses increase their revenue.
    Alongside his writing and blogging work, Krishi's other hobbies include studying the financial markets and cricket.
    View all articles by Krishi Chowdhary
    Our editorial process
    The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.
  • Amazon Is Being Questioned by the House Select Committee over Its Recent Deal with TikTok
    techreport.com
    Key Takeaways
      The House Select Committee on China has raised concerns over Amazon's latest e-commerce deal with TikTok.
      The Committee had called for a meeting with Amazon representatives where they were advised against the partnership.
      TikTok is being deemed a threat to national security and is on the verge of being banned in the US. So naturally, this partnership is not being received well by authorities.
    Amazon's controversial partnership with TikTok amidst trouble between the US and China has invited questions from the House Select Committee on China.
    In recent months, a few representatives from the company also met with the Committee members at Capitol Hill sometime in September to discuss the sudden increasing closeness between the two companies. This has been directly confirmed by a spokesperson from the committee.
    The Committee has told Amazon that this is a dangerous deal and it's unwise for the company to partner up with TikTok as it poses a severe threat to the country's national security.
    This isn't the first time that TikTok has been accused of being a threat to the US. The company has been under fire for months. In March 2024, US lawmakers presented a new bill that would force TikTok to either cut ties with its parent company Bytedance, or risk getting banned in the US.
    The reason behind such a bill is that the tension between the US and China has been growing unchecked for the past many months. This has led US lawmakers to believe that China might leverage its influence on apps like TikTok to spy on US citizens.
    Although TikTok has assured time and again that it never transferred any US citizen data to Chinese authorities, US authorities didn't budge. At last, TikTok has decided to legally challenge this bill; the battle is still underway.
    Like many other US companies, we maintain open lines of communication with officials across all levels of government to discuss issues that are of interest to policymakers, our employees, and our customers. (Amazon)
    The deal was announced in August which allows TikTok users to shop Amazon products without leaving the TikTok platform. This will be executed in three ways:
      link their Amazon accounts with their TikTok profiles so they can check the pricing of the products in real time.
      product suggestions on the For You page with clickable links.
    This partnership is a win-win situation for both companies. Amazon gets to tap into TikTok's massive GenZ user base while TikTok gets to gain more credibility and firmly plant its feet in the US amidst the rising pressure of a possible ban.
    However, it's hard to say whether business expansion is the only motive for this deal. Amazon has been a top advertiser on TikTok US for many years, but some industry experts believe that the main motive for this deal is to make it harder for the authorities to ban TikTok.
    If that is the case, Amazon isn't the only one. The NFL, music distribution platform UnitedMasters, social shopping tool LTK, and sports and venue management company Monumental Sports & Entertainment have also signed deals with TikTok.
    Again, no one said outright that they don't believe TikTok will be banned. However, since Donald Trump won the recent elections and is also against this ban, things might actually go in TikTok's favor.
    Krishi is an eager Tech Journalist and content writer for both B2B and B2C, with a focus on making the process of purchasing software easier for businesses and enhancing their online presence and SEO.
    Krishi has a special skill set in writing about technology news, creating educational content on customer relationship management (CRM) software, and recommending project management tools that can help small businesses increase their revenue.
    Alongside his writing and blogging work, Krishi's other hobbies include studying the financial markets and cricket.
  • Garbage truck driver rescues dumped 32-core Threadripper PC with RTX 2080 Ti
    www.techspot.com
    WTF?! Garbage collectors often stumble upon valuable or undamaged items, but finding a mostly functional, high-end PC might rank among one of the luckiest recent finds. Although the components are a few years old, the system booted flawlessly after a few smart repairs and minor replacements.
    Redditor and garbage truck driver "Siezio" recently shared, then deleted, photos of a gaming PC he salvaged from the trash and easily restored. The rig included an AMD Ryzen Threadripper 3970X, a GeForce RTX 2080 Ti with 11GB of VRAM, and 32GB of DDR4 RAM.
    The only missing component was internal storage, and Siezio replaced the water-damaged power supply unit (PSU) as a precaution. After thoroughly cleaning the other components with isopropyl alcohol and letting them dry for two days, the system powered on without issue.
    While Siezio had previously found other PCs in the trash, they were either severely damaged or decades out of date. In contrast, the 3970X and 2080 Ti are relatively modern, only five and six years old, respectively. Both were enthusiast-class components at launch and still hold up well today.
    The Threadripper 3970X is a 32-core monster that debuted in 2019 with a $1,999 price tag. We gave the workstation processor a glowing review upon its 2019 release.
    Meanwhile, the GPU, initially priced at $999, was a flagship beast when it debuted in 2018. It last appeared in our benchmark tests for Warhammer 40,000: Space Marine 2 last September, where it performed similarly to recent mid-range graphics cards like the RTX 3060 Ti. Purchasing a used 3970X and 2080 Ti together in 2024 would likely cost around $1,000.
    Unsurprisingly, many commenters responded to Siezio's discovery with jealousy, wondering why someone would throw away a PC that likely cost over $3,000 without at least attempting to sell it.
    The hardware was released just before events like the cryptocurrency mining boom, import tariffs, and supply chain disruptions drove up electronics prices.
    Though the PC is the most valuable salvage from Siezio's three-and-a-half-year career, it is far from the only useful discovery. The truck driver has also found a power drill worth 250, multiple ratchet sets, an unopened Bluetooth keyboard that now controls his TV, and a chainsaw that only required a new spark plug.
    Furthermore, nearly all of Siezio's car tools were rescued from the trash. While most of the items were initially broken, repair guides on YouTube made restoring them straightforward.
    Images via Tom's Hardware
  • Perplexity takes aim at Google and Amazon with new shopping tool
    www.digitaltrends.com
    AI startup Perplexity has launched a new shopping feature that it describes as a one-stop solution where you can research and purchase products.
    Available initially for U.S.-based users of its paid Pro subscription tier before expanding soon internationally, Perplexity Shopping is a shot across the bows of rival services like Google and Amazon as the company seeks to attract more users to its AI chatbot while building out related services like search and online shopping.
    You can use it to research and make purchases on all things like building your library, buying electronics for throwing a party, and so on, the San Francisco-based company said in a thread on X that also included a short video (below) showing the new feature in action.
    Introducing Perplexity Shopping: a one-stop solution where you can research and purchase products. It marks a big leap forward in how we serve our users, empowering seamless native actions right from an answer. Shopping online just got 10x more easy and fun. pic.twitter.com/gjMZO6VIzQ (Perplexity (@perplexity_ai), November 18, 2024)
    The video shows how you can enter queries in a conversational way, just as you would with any other AI chatbot. It also lets you refine results via follow-up responses like, Under $100.
    Perplexity Shopping includes features such as a one-click checkout designed to save you time by having purchases fully processed within the app instead of being transferred across to the merchant's site. Just save your shipping and billing information through our secure portal and select Buy with Pro to place your order, the company explained, adding that all Buy with Pro orders come with free shipping.
    In cases where Buy with Pro isn't available, you will be redirected to the merchant's website to complete the purchase.
    The new tool also includes a Snap to Shop visual search tool that shows you relevant products in response to any images that you upload, helping you to find an item even when you don't have a name for it.
    In an apparent swipe at Google, Perplexity points out that its shopping suggestions aren't sponsored, describing its results as unbiased recommendations that are powered by AI and based on in-platform reviews. When you ask Perplexity a shopping question, you'll still get the precise, objective answers you expect, plus easy-to-read product cards showing the most relevant items, along with key details presented in a simple, visual format.
    Away from shopping, however, Perplexity recently revealed that it will start inserting ads into its general chatbot responses for users in the U.S. in the form of sponsored follow-up questions and paid media positioned to the side of an answer.
  • Watch this stunning aurora unfold from 257 miles above Earth
    www.digitaltrends.com
    Stunning footage from the International Space Station (ISS) shows a glorious-looking aurora shimmering above our planet.
    Captured last month and shared by the ISS on X over the weekend, the footage (below) begins with a faint green tinge on Earth's horizon as seen from the space station some 257 miles up. But as the video continues, the green tinge develops into something far more spectacular, all against a gorgeous star-filled backdrop.
    The International Space Station soars above an aurora blanketing the Earth underneath a starry sky before orbiting into a sunrise 257 miles above Quebec, Canada, on October 30, 2024, NASA said in a message accompanying the 60-second video.
    The International Space Station soars above an aurora blanketing the Earth underneath a starry sky before orbiting into a sunrise 257 miles above Quebec, Canada, on Oct. 30, 2024. pic.twitter.com/fqp7tu57CZ (International Space Station (@Space_Station), November 16, 2024)
    Aurora, which are caused by the interaction of solar wind with the Earth's magnetic field and atmosphere, are a common sight for astronauts aboard the ISS, especially during periods of heightened solar activity.
    NASA astronaut Matthew Dominick, who recently departed the station after a six-month stay in orbit, referred to aurora as insane, and shared an incredible video showing one streaming behind Boeing's Starliner spacecraft when it was docked at the ISS earlier this year.
    After witnessing aurora from the orbital outpost, another NASA astronaut, Jasmin Moghbeli, commented, Every single time I'm amazed at how alive and beautiful our planet is, while current ISS astronaut Don Pettit described a recent experience as, stunning. He added: We were not flying above the aurora, we were flying in the aurora.
    And it was blood red.
    Just last month, Pettit, who at 69 is NASA's oldest serving astronaut, expressed the phenomenon in his own unique way, saying: The sun goes burp and the atmosphere turns red.
  • Holiday Gift Books: Mysteries
    www.wsj.com
    'Tis the season for sleuths and secrets.
  • Holiday Gift Books: Music
    www.wsj.com
    Meditations on the way songs affect us at the deepest level, and reflections on the joys of performing and composing.
  • Trust in scientists hasn't recovered from COVID. Some humility could help.
    arstechnica.com
    Humbling findings
    Trust in scientists hasn't recovered from COVID. Some humility could help.
    Intellectual humility could win back much-needed trust in science, study finds
    Beth Mole, Nov 18, 2024 4:52 pm
    Illustration of a scientist speaking in front of an audience. Credit: Getty | BRO Vector
    Scientists could win back trust lost during the COVID-19 pandemic if they just showed a little intellectual humility, according to a study published Monday in Nature Human Behavior.
    It's no secret that scientists, and the science generally, took a hit during the health crisis. Public confidence in scientists fell from 87 percent in April 2000 to a low of 73 percent in October 2023, according to survey data from the Pew Research Center. And the latest Pew data released last week suggests it will be an uphill battle to regain what was lost, with confidence in scientists only rebounding three percentage points, to 76 percent in a poll from October.
    Building trust
    The new study in Nature Human Behavior may guide the way forward, though. The study encompasses five smaller studies probing the perceptions of scientists' trustworthiness, which previous research has linked to willingness to follow research-based recommendations.
    "These are anxiety-provoking times for people, and they feel uncertain about who to trust and which recommendations to follow," said study co-author Karina Schumann, a psychology professor at the University of Pittsburgh. "We wanted to know what can help people feel more confident putting their faith in scientists working to find solutions to some of the complex global challenges we are facing."
    Schumann and her colleagues homed in on the role of intellectual humility. Unlike general humility, intellectual humility focuses on the limitations of one's knowledge.
Specifically, a scientist with high intellectual humility would show a willingness to admit gaps in their knowledge, listen to input from others, and update their views based on new evidence. These characteristics may be viewed by the public as particularly critical among scientists, given that science is rife with uncertainties and lacks complete and unequivocal conclusions, especially from individual studies.
There's also good reason to think that scientists may be doing a poor job of displaying intellectual humility. The latest survey data from Pew found that 47 percent of Americans perceive scientists as feeling superior to others, and 52 percent indicated that scientists communicate poorly.
Study series
For a look into how intellectual humility could help, Schumann and her colleagues first surveyed 298 people and looked to see if there was a link between viewing scientists as intellectually humble and believing in scientific topics considered polarizing. The sub-study, study 1, found strong links between the perceived intellectual humility of scientists, trustworthiness, and support for human-driven climate change, lifesaving vaccinations, and genetically modified foods.
In studies 2 through 4, the researchers experimentally tested expressions of intellectual humility (IH), either high or low levels, and how they affected perceived trustworthiness. In study 2, for instance, 317 participants read one of three articles involving a fictional scientist named Susan Moore, who was researching treatments for long COVID. There was a neutral article that functioned as a control, and articles with cues that Dr. Moore had either high or low IH. The cues for high IH included text such as: "Dr. Moore is not afraid to admit when she doesn't yet know something." For low IH, the article included statements such as: "Dr. Moore is not afraid to assert what she knows."
The high IH article spurred significantly more trust in Dr. Moore than the low IH articles, the researchers found.
However, there wasn't a statistically significant difference in trust between the control and high IH groups. This might suggest that people may have a default assumption of high IH in scientists without other cues, or they are especially annoyed by low IH or arrogance among scientists.
Study 3 essentially replicated study 2, but with the tweak that the articles varied whether the fictional scientist was male or female, in case gendered expectations affected how people perceived humility and trustworthiness. The results from 369 participants indicated that gender didn't affect the link between IH and trust. Similarly, in study 4, with 371 participants, the researchers varied the race/ethnicity of the scientist, finding again that the link between IH and trust remained.
"Together, these four studies offer compelling evidence that perceptions of scientists' IH play an important role in both trust in scientists and willingness to follow their research-based recommendations," the authors concluded.
Next steps
In the final study involving 679 participants, researchers examined different ways that scientists might express IH, including whether the IH was expressed as a personal trait, limitations of research methods, or as limitations of research results. Unexpectedly, the strategies to express IH by highlighting limitations in the methods and results of research both increased perceptions of IH, but shook trust in the research. Only personal IH successfully boosted perceptions of IH without backfiring, the authors report.
The finding suggests that more research is needed to guide scientists on how best to express high IH. But it's clear that low IH is not good. "[W]e encourage scientists to be particularly mindful of displaying low IH, such as by expressing overconfidence, being unwilling to course correct or disrespecting others' views," the researchers caution.
Overall, Schumann said she was encouraged by the team's findings. "They suggest that the public understands that science isn't about having all the answers; it's about asking the right questions, admitting what we don't yet understand, and learning as we go. Although we still have much to discover about how scientists can authentically convey intellectual humility, we now know people sense that a lack of intellectual humility undermines the very aspects of science that make it valuable and rigorous. This is a great place to build from."
Beth Mole, Senior Health Reporter
Beth is Ars Technica's Senior Health Reporter. Beth has a Ph.D. in microbiology from the University of North Carolina at Chapel Hill and attended the Science Communication program at the University of California, Santa Cruz. She specializes in covering infectious diseases, public health, and microbes.