The Psychology Behind Phishing: Why we fall for phishing emails & how we can protect ourselves.

It’s a fact that most data breaches occur because of human error. Cybercriminals are well aware of this, and they know exactly how to manipulate people into clicking without thinking. That’s why email scams — also known as phishing — have become so successful.

Phishing has become an even bigger problem during the last year due to the COVID-19 pandemic. Our stress levels are higher, social relationships are strained, and there’s a general uncertainty about when it will be safe to return to normal. All of these psychological factors affect people’s decision-making and have given hackers a big advantage. The best way to protect yourself is to understand how a hacker might use these psychological factors against you.

Stress and Anxiety Fuel Poor Decision Making

Hackers thrive during times of uncertainty. For example, some of the COVID scams we saw last year included a threat of jail time if the victim didn’t return an overpayment from unemployment benefits or stimulus checks, as well as illegal impersonation of health officials offering antibody tests, PPE, and medical equipment – for a fee, of course!

With so much up in the air, it’s easy to see why cybersecurity was not top of mind for many people – and why this led to poor, impulsive decisions online. The reason for this has to do with how stress impacts our brains.

Studies have found that anxiety can disrupt neurons in the brain’s prefrontal cortex (the area that helps us make smart decisions). This is why it’s important not to let your impulses take over when presented with negative information. Beware of emails, texts, or phone calls that demand money or personal information within a very short window of time. Read through all the information carefully, checking for suspicious language or misspelled words, including in the name of the business or person the email originated from.

Exploiting Trusted Relationships

You are far more likely to trust and open an emailed link from a friend, family member, or colleague. Hackers exploit these relationships by using disguised email handles and targeted messaging, known as “spear phishing,” to get you to open and engage with their email.

How do they know who to impersonate? That information is most likely already available to them via social media. Phishing emails often impersonate someone in authority or someone you admire, like a boss or colleague, to gain personal information. An easy way to check a suspicious email is by examining the sender’s full email address, not just the display name. You can also verify odd requests from your boss, family, and friends by calling them up and asking for details instead of responding to the email. The same goes for links and downloads. It never hurts to double-check!
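
The sender check described above can also be run automatically over a message's From: header. The Python below is an added example, not part of the original article or of GTS PhishGuard; the domain example.com, the colleague name Dana Reyes, the flag names and the 0.8 similarity threshold are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

ORG_DOMAIN = "example.com"      # assumed: your organization's mail domain
KNOWN_NAMES = {"dana reyes"}    # assumed: colleagues' display names (constructed)
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def check_sender(from_header):
    """Return warning flags for one From: header value (empty list = no warning)."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.strip().lower()
    if "@" not in addr:
        return ["unparseable-sender"]
    domain = addr.rpartition("@")[2]
    flags = []
    # 1. The display name shows an address that is not the one that really sent it.
    embedded = ADDR_IN_NAME.search(name)
    if embedded and embedded.group(0) != addr:
        flags.append("display-name-shows-different-address")
    # 2. A familiar name arrives from outside the organization's domain.
    if name in KNOWN_NAMES and domain != ORG_DOMAIN:
        flags.append("known-name-from-outside-domain")
    # 3. The domain is nearly, but not exactly, the organization's domain.
    similarity = SequenceMatcher(None, domain, ORG_DOMAIN).ratio()
    if domain != ORG_DOMAIN and similarity >= 0.8:
        flags.append("lookalike-domain")
    return flags

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    'Dana Reyes <dana.reyes@example.com>',
    '"dana.reyes@example.com" <billing@payments.test>',
    'Dana Reyes <dana.reyes@freemail.test>',
    'Dana Reyes <dana.reyes@examp1e.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```

A flagged message is a reason to call the sender and confirm, not proof of fraud; an empty result only means none of these three checks fired.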

Distractions & Fatigue Reduce Alertness

With so many organizations utilizing remote work, changes in surroundings and new distractions can make employees more vulnerable to scams. While many people tend to have their guard up in a physical office, we tend to relax at home and let our guard down, even if we’re working.

Plus, to make up for not being in the same office, workers may experience communication fatigue. If you’re only communicating through emails, chats, and video calls, it is easy to confuse a legitimate email with a scam. Distractions and fatigue will happen occasionally, but you can lower your risk of making mistakes by recognizing when these psychological factors affect your decision-making. Stop, take a breath, and carefully examine the information in front of you.

Limiting the Threat

Unfortunately, these scams are not going away, and hackers will always be out there looking for their next victim – but that doesn’t mean you should constantly worry. A combination of awareness and having the right tools can make a big difference.

GTS PhishGuard offers protection from phishing scams and integrates directly with Office 365. This means that you can arm your inbox against phishing scams without ever leaving Outlook. Our GTS PhishGuard service is not a spam filter, but rather an ultra-focused program that targets phishing scams, going so far as to pull emails out of your team’s inboxes if a message is identified as a threat.

Give us a call at (904) 606-6011 or email to learn more about GTS PhishGuard, phishing protection, and other security offerings from Grand Technology Solutions. We’re happy to help you identify places where your defenses could be stronger—and put safeguards in place to keep your business protected.


Paul May