Cybercriminals use many forms of deception to trick people into revealing sensitive information, clicking on malicious links, or transferring money to a criminal’s account. These deceptive techniques exploit our emotions, our instincts, and our habits of thinking and behaving, as well as our cognitive and perceptual biases and weaknesses.
Understanding the psychology of deception can help us protect ourselves from cyber security threats.
The psychology of deception
Deception is the intentional manipulation of someone's beliefs, emotions, or actions for illicit purposes and personal gain.
Deception relies on exploiting human vulnerabilities, such as our emotions.
Emotions are subjective feelings that influence our judgments, decisions, and behaviours. Scammers try to manipulate our emotions by creating a sense of urgency or scarcity; they pose as trusted authorities to get us to comply; or they appeal to our empathy, curiosity, or greed.
For example, a phishing email may claim that our account has been compromised and we need to act quickly, or that we have won a lottery, and we need to claim our prize.
Often scams appeal to our willingness to help (altruism). Hundreds of thousands of dollars have been lost when people thought they were helping to start an orphanage or help someone in need receive urgent medical care.
These emotional hooks can override our rational thinking and make us more susceptible to deception.
Instincts are often overlooked in our modern world, or they are attributed only to “lesser animals”. However, the human animal is regularly subjected to powerful instincts that often go unnoticed.
For example, our instincts to procreate, provide, and protect are potent forces driving many of our everyday behaviours, attitudes and beliefs.
They also make us vulnerable to cybercrimes. The parent, grandparent or “Hi Mum” scams prey on our instincts to provide for and protect our children, family and friends.
When we think our loved ones may be in trouble or need our help, we will do anything we can to provide for them and keep them safe. Cyber criminals exploit these instincts and get us to turn over money and information.
Our procreation instincts are exploited in romance scams. Our needs for companionship, social connection, and love are so strong that they can completely override any rational thoughts. People who have been the victim of romance scams, even after being confronted by law enforcement officials with the evidence of the scam, still sometimes do not believe what is plain for everyone else to see, as they say, “Oh no, they would never do that to me.”
Our habits of thinking and behaving also can make us vulnerable to deception. When the phone rings, we answer it.
We open an email, scan it quickly, click on the link provided, and we are in trouble before we ever really think about it, because we are acting on automatic pilot out of habit.
This is a significant contributor to why phishing emails are still the number one ‘threat vector’ and are involved in most cybercrimes and scams. We are deceived by our habitual ways of thinking and behaving.
Cognitive biases are systematic errors in our thinking that affect how we perceive and interpret information. Cyber criminals deceive us and exploit our cognitive biases by presenting information that confirms our existing beliefs, anchors our expectations, and/or influences our behaviours.
For example, a scam website may display fake testimonials, reviews, or badges to create an illusion of credibility, trust, or popularity. Deep fake audios and videos often use well known people (e.g., celebrities or political figures), or people in positions of authority within our organisations (e.g., they impersonate our CEO, CIO, or bosses), to try and convince us to transfer money or reveal personal and private information.
These factors can influence our thinking, judgement, and decision making and make us more susceptible to deception.
Finally, our perceptual weaknesses make us vulnerable to deception as we sometimes simply mis-perceive things because we do not see the world the way it “really” is. We are all vulnerable to illusions.
Take a look at the following examples:
Cyber criminals create the illusion of trust, connection, scarcity, legitimacy, authority, urgency, love, and reciprocity. They exploit us mercilessly. They have no scruples. They will steal from our children and from our grandparents with no remorse. They will identify any weakness and will try any tactic to steal our money and information.
Be mindful when online, on your phones, and on social media.
“Forewarned is forearmed” is an old saying that is appropriate when discussing how cybercriminals try to manipulate our emotions, instincts, habits, and our cognitive and perceptual biases.
Protect yourselves, your personal and financial information, as well as your loved ones by talking about these issues and keeping them in mind when necessary.
Dr James Carlopio is Executive Director at Cultural Cyber Security. Dr Carlopio has worked on cultural and technology transformation projects for numerous Australian, European and US-based organisations. He has worked with organisations such as the United Nations (ACT/EMP) in Geneva and Zurich, Switzerland, and with Origin, and has published over three dozen articles and five books on various socio-technical issues and has written a regular section for the Australian Financial Review BOSS magazine. Visit: www.culturalcybersecurity.com