When we think of cyber scams, the first thing that comes to mind for many of us is sophisticated technical attacks such as ransomware or malware. But one of the most common tactics involves attacking an area that has nothing to do with technology—your emotions.
Here are 7 common emotional triggers that cyber criminals will leverage in a scam so you — and your organization — can be better equipped to stay safe online.
Concern
When we are worried or concerned about the people we care about, we often bypass our rational thought process — and our security mindset. Examples of this scam include claims that a relative or friend was robbed or lost their identification or phone in a foreign country, or sending someone a message that says "we know what you’ve been doing" and looks to extort them.
The instant need to help, to ensure a colleague or a loved one is safe and protected, is a trigger the criminals love to pull. This trigger instills a sense of urgency and emotional fear response in a potential victim.
Love
We all yearn to find love, and cyber criminals will target those who put their hearts on the line in the search for romance. Through romance scams, dating site scams or what’s known as "pig butchering"— gaining a person’s trust to exploit them (which cyber criminals liken to a pig that is being fattened for slaughter)—scammers set the emotional love hook and request money from victims or even use them as the funnel for money laundering or drop shipping and other such "middle man" crimes.
Fear
While fear is part of other emotions on this list, many scams will do away with nuance and go straight at what makes us scared, blackmailing people to part with money or information out of a fear of information being leaked, getting into legal trouble, being reprimanded or fired from their job and even physical harm.
Greed
Get-rich-quick schemes have obviously been around much longer than the internet, but selling the idea of making money fast has become even easier in the digital age. These can include real estate scams, crypto/NFT scams or other investment scams, and they work especially well when cyber criminals get influencers on board with endorsements. And sometimes "quick" is just the start. Once the victim has "bought in," it is easy to manipulate them into longer term, more intensive — and more lucrative — types of scams.
Admiration
Everyone wants to be the hero, chosen for a special task. In cyber scams, this might take the form of a scammer impersonating your CEO and choosing you to help in a crunch or trusting you with a very important, time sensitive task. And of course you will help — it’s time to shine (and put your guard down)! Admiration is also present in romance/love style scams where an attractive person starts to pay attention to you, and those happy feelings you get from this attention also make it easier to suppress any suspicion you may have.Shame
Scammers will use old information or images, create fake debts or challenge your commitment to a cause to make you feel ashamed. Once they have you down, you are a much easier target to exploit.
Guilt
What is your initial reaction if someone from your work or life accuses you of not completing a task, missing a payment or having inappropriate activity on your work computer? No one could blame you for panicking and working immediately to make things right. Scammers know this, and they will stoke those feelings to manipulate you into doing things they want you to do.
Once a scam is complete, shame and guilt are also exploited by scammers to stop victims from coming forward. Organizations who fall victim to attacks such as business email compromise (BEC) may also react this way and not report them, fearing reputational damage.
Emotional trigger scams start with an individual, but the end game is often gaining access to an organization’s systems. Educating yourself and your team about these common tactics is one of the best defenses to keep your organization safe. Take a look at our 7 Triggers of a Scam infographic for more on this topic.
If you find your business has been a victim of one of these scams or you are looking to improve the robustness of your incident readiness planning, reach out to a Secureworks expert today.