The Psychology Of Phishing: The Danger Behind Certain Emails

With the advent of technology, and more particularly the development of the Internet, everything around us has adapted to this format. Thus, criminal acts, such as phishing, are no less present.

Cyber ​​attacks are quite common and have taken various forms. Spyware, adware, worms, or Trojans. Another of the most common cyber attacks is phishing, which consists of stealing information via email.

This type of attack is very dangerous because cyber criminals pose as people or businesses that require user action. Among these, opening a malicious file or filling in a series of data – banking or personal -, which will always be to your advantage.

In addition, it is a method capable of infecting many people very quickly. It is estimated that in 2019 there were over nine million such attacks.

Although at first it might seem easy to identify these scams, in many cases criminals know how to do it so that users fall into their networks. With their methods, they play with people’s emotions and basic psychological processes, repeatedly realizing that their strategy is not identified as misleading.

Your social engineering

Cybercriminals design their scams on the basis of knowledge in sociology and social psychology. Usually, all of these tips are set to play with four emotions: greed, curiosity, grief, and fear. The combination of these emotions makes us react almost instinctively.

So, by playing with these four aspects and taking into account other social behaviors, phishing cybercriminals have spawned various tactics to trick us into providing them with valuable information.

The three main behaviors that were taken into account to attack us will be described. However, this will depend on individual personal characteristics and the ability to differentiate between signals that can serve as alarms.

Respect for authority

In general, people tend to follow orders or instructions, without asking questions, from someone who has some prestige or power. In other words, this cognitive bias causes them to ignore for a while their own opinions or consequences and to obey, mainly out of fear, the orders given by this higher entity.

This representation of authority can be a boss, a large state organization or even a company with a certain prestige. So, for phishing, criminals often use accounts that appear to be businesses or large corporations, requesting action that may seem relevant. In this way, the recipient of the email will see at first glance that what he is reading is real and gives him a feeling of security.

An example of this strategy is the scams that have been carried out on behalf of the Tax Agency, linking to the false promise of obtaining tax refunds. Or, an email from a senior business manager requesting the opening of a file for a new project.

The sense of urgency

This manipulation technique has been widely used in areas other than phishing, such as marketing. Basically, it is about creating an emergency situation which puts the user in the position of having to act quickly. When this strategy is used, fear is generally used.

The received mail alerts the person with a danger message. For example, “you have a virus on your computer” or “someone has tried to access your personal account”. Another variation is to generate the need to be the first (“Only the first 50 people to register will receive the prize”). At that point, the fear of losing the opportunity may cause us to buy or accept the proposal without considering other options.

In other words, they cause fear that leads to a reckless, quick and irrational decision being made, ignoring aspects of the message that may be essential. Additionally, swear words in red are often included to reinforce this sense of danger. The problem is, while there is suspicion that it may be a hoax, you can fall into the trap of trying to see if this is true.

Automatic actions and phishing

There are many actions that we do automatically, without being fully aware of them. They are usually the result of experience and repetition, so we activate a pilot and pay no attention to them. For example, clicking a big red button that says “click here” versus a button that goes unnoticed.

In this sense, phishing criminals take advantage of these automatic mechanisms to make us fall into the trap. They can take advantage of this by asking us to resend an email that apparently hasn’t been sent.

Or give us the false option to stop receiving emails from this account. When in reality, none of the actions they ask of us are real.

This type of strategy is effective and dangerous, because it is seemingly innocent actions that we are used to doing. They play with it, knowing that when faced with this type of task, our attention is diminished.

We subconsciously select only striking information. In other words, we ignore the details and make decisions without too detailed analysis.

How to avoid being trapped by phishing?

Of course, there are people who can spot this type of deception better than others. But we are all potential victims. Therefore, in order to try not to get ripped off, one should be aware of the possibility of danger.

Thus, the whole email or message will be read more consciously. If the sender is not known, try to find out if the email account is real.

And, above all, you have to try not to react quickly and stop to think about the consequences. Or if the message is relevant or common that these people communicate that way.

In other words, take a moment to think it over and try to spot signs that may be suspicious. In addition, it is important to inform the authorities. So that the phenomenon does not cause harm to other people.

Our thoughts

People who compare us to others have, above all, low emotional intelligence. But what are the other reasons …