
Manipulation of human emotions is key to phishing attack success

“Congratulations! You have just won 30 million euros – follow the link to grab it!”, said the message I received last week. Honestly, it was too good to be true; it was in fact a phishing attack. Manipulating human emotions is what cyber attackers do. The methods they use are borrowed from practical psychology and belong to social engineering. Playing on human feelings, fears and reflexes allows cyber criminals to gain access to the information they are looking for.

When creating phishing email messages, attackers have two main goals: to obtain the user’s password or to get the user to download a certain file. Unfortunately, the level of user awareness about modern cyber threats is still rather low. In this post I will describe the basic techniques to help you recognize a trap.

“Update Needed: Verify Your Payment Information”

When you work hard, you receive and reply to tons of emails every day. It can be difficult to focus on every message, whether you work in the office or from home.

You get an email message that contains an attachment or a link in its body. Lack of attention, especially when reinforced by respect for authority, can persuade you to open the document without checking it twice.

“You’ve been hacked – please, change your password”

Our digital profiles are as precious as gold to us. Business and personal data, access to social networks and online banking – it is all online. Anybody would be scared to have their money, data and reputation compromised.

Fear, especially when boosted by a sense of urgency, makes ordinary users rush to change their passwords straight away by clicking the link in the email. Unfortunately, that link leads to a phishing web page that looks identical to the real one.

“Your message wasn’t delivered”

You receive an email stating that some messages were not delivered due to server problems. What if you missed something important?

Many people are curious by nature and cannot resist the temptation to click the link, even if they have not sent any message recently. By the way, it is one of the most popular methods to conduct a phishing attack.

“Your mailbox is almost full – please, increase its volume”

Oh no! It is never the right moment to receive such a message, especially if you are in a hurry, finishing a few urgent tasks while attending a call with colleagues.

When you follow the link, you may even find your login already filled in, so you just enter your password and… you get hacked!

Recommendations

  • Do not blindly follow instructions in the email, especially those that prompt you to perform certain actions here and now. Carefully check the sender’s email address
  • If you receive a message you have nothing to do with, it is better to delete it
  • Courts or other authorities would hardly send their decisions and overdue loan notifications by email. In most cases you would receive a good old paper letter
  • Do not click suspicious links in the messages, even if they are from your friends or some official addresses – they can be compromised. Pick up the phone and call to verify!
  • Do not be fooled by a sense of urgency. Take your time to verify any email that requires you to take some action

Learn more about how you can train non-IT teams inside your organization to recognize attempts to manipulate human emotions, alongside the other basics of cybersecurity awareness.
