Hackers act a lot on emotions. But that doesn’t mean you should sympathize with them. The best hackers and scammers (lets call them attackers) understand YOUR emotions, and act on them to get you to do things you wouldn’t otherwise do.
You might think there are just a few ways that attackers (acting in a “social engineering” capacity) might try to trick you by making urgent requests, or threatening you with penalties if you don’t do what they ask. But you should be aware that they can use almost any emotion against you, especially if they know a little information about you…
Have you ever — or could you ever — experience one of these emotions?
When I teach cybersecurity awareness courses, I often put up a slide with this list of emotions that attackers might use to prompt you to respond without thinking:
This could help you avoid or prevent an unintended incident.
2 – Managers: Make sure employees are aware of how attackers might try to approach them for certain types of information or access. Most people feel they are not targets because they don’t have information that they consider to be valuable. However, attackers often use people on the periphery, or in a “supply chain”, who are likely to be less protective of information.
It can be hard to teach people about emotional responses targeted by attackers. So, scenario-based training, gamified exercises and simulations are good ways to help people recognize the kinds of situations that may be high risks for your organization.