NetworkTigers discusses how criminals use psychology to prey upon victims.
When most people think of cybercrime, they think of the technical aspects of cracking passwords or hacking into systems using sophisticated software or skills. While these techniques are regularly employed, many fail to realize the extent to which cybercriminals use psychology to supplement their attacks or simply convince victims to hand over sensitive information willingly.
Skilled criminals regularly use psychological social engineering tactics on people who often don’t realize they have been misled until it’s too it’s.
1. Creating urgency
People are more likely to make bad decisions under pressure. Cybercriminals use this fact to their advantage and often craft attacks designed to make their target feel like the clock is ticking.
These attacks often come in the form of an email or text message claiming that a user’s account has been compromised and must be rescued immediately or that an expensive purchase has been made in their name with only a narrow window of opportunity for cancellation.
Criminals use psychology to trick victims into believing they need to act fast to avoid a security issue. They can fool people into creating one by filling out fake login pages or submitting financial information to an illegitimate source.
2. Exploiting greed
Get-rich-quick scams have existed for as long as anyone can remember, taking advantage of the fact that everyone likes easy money or free prizes.
Criminals know that financial motivation can be a tremendously powerful tool. From encouraging victims to invest in malicious crypto scams promising huge returns to tricking them into believing they’re only a few clicks away from claiming a new car or cash prize in a contest or drawing, the psychology of greed is so simple that it’s one of the easiest ways to get people to bend to their will.
These types of scams are showing no signs of slowing down, with crypto scams, in particular, continuing to rise in popularity and effectiveness. In 2023, the average loss grew by 27%, with some victims seeing their entire life savings disappear after being ripped off.
3. Leveraging loneliness
Those experiencing loneliness may find the internet a minefield of potential heartache and financial ruin.
Preying on the lonely is not a new tactic. Still, the anonymity of the internet has made it easier than ever for criminals to assume fake personas designed to appeal to their victims, gain their trust, and then convince them to send money.
Romance scams may originate through a dating site or social media platform using accounts operated and maintained by criminals. However, they may also begin with something as seemingly innocent as a text sent to a victim that appears to be a wrong number.
Pig butchering scams that see a criminal building trust and rapport with a victim referred to as the “pig” before “butchering” them by making off with their finances are often performed in this manner and frequently use romance as a lure.
Once a victim responds to a text that appears to be for someone else, the criminal on the other end will use any means necessary to create a relationship with them before turning the conversation towards crypto investment or some other means of stealing their money. The attacker will then disappear, leaving the victim to deal with the shame of having been conned.
4. Impersonating authority figures
From work supervisors to police officers and government agents, most people are emotionally affected and compelled by instructions delivered by an authority figure.
Criminals use this psychology to their advantage by generating messaging that purports to be from a government agency, such as the IRS or FBI, or a boss at work. These may be fraudulent emails adorned with images and language almost indistinguishable from one originating from a legitimate source or text messages claiming to be from a direct report at the office.
By leveraging the desire to rescue a boss in need who has somehow gotten locked out of their company account or the compulsion to avoid being punished by law enforcement, criminals can pressure their victims into doing everything from turning over company network login credentials to submitting their Social Security number to a fake IRS form.
5. Appealing to your better nature
From holding doors to helping someone pick up something dropped, most people feel compelled to assist those in need.
Insidiously, criminals use psychology to abuse this by creating fake charities or appearing as though they are in distress and in need of help that only their target can offer.
Charity fraud sees victims sending donations to organizations that don’t exist or fraudulent sites that emulate ones they are familiar with. Often popping up in response to high-profile natural disasters, the holidays, or posing as war relief funds, criminals use these scams to enrich themselves by leveraging the generosity of others.
Criminals also target specific individuals in this way, posing as fellow employees in trouble and reaching out to people who hold the keys to whatever door they want opened. For example, they may claim to have had their device stolen or broken, necessitating a password reset.
Hackers used this tactic in the 2023 hack of MGM Resorts. By impersonating an employee found on LinkedIn, criminals convinced a help desk worker to reset the passwords and multi-factor authentication codes of high-ranking staff members. The result was the compromise of the company’s Las Vegas digital infrastructure and the shutting down of a number of essential operations.
6. Leveraging scarcity
People are prone to acting quickly if they feel they will miss out on a narrow window of opportunity. This is the psychology of scarcity.
To prey on this, criminals will invent scams and scenarios claiming exclusive access to whatever bait they’re using at the time. This can be a limited-time offer on cheap airfare, a cash prize, or even a lucrative job opportunity.
By misleading people into thinking they need to make a quick decision to receive or access something scarce, criminals can get victims to jump on opportunities they may otherwise not even have a motivating interest in.
For example, a victim may not be particularly interested in traveling, but if a message arrives that claims to give them limited access to deeply discounted airline tickets, they may be just curious enough to take the bait.
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
