How Cybercriminals Use Employees’ Brains Against Them


To better understand the cognitive biases used by malicious entities to target enterprise employees, SecurityAdvisor assessed more than 500,000 malicious emails targeting senior leaders, mid-managers, and entry-level employees, as well as IT, finance, human resources, and legal teams. Entitled “2021 Report: Human Risk in Cybersecurity,” the research identifies the individuals and departments who are targeted by cybercriminals the most, as well as the top attack vectors directed towards employees across a multitude of verticals, including healthcare, financial services, communications, professional services, energy and utilities, and retail and hospitality.

Below you will find a brief excerpt from the report that reveals how hackers use psychological techniques to target employees.

Most Popular Cognitive Biases by Phishing Attack Volume

In the hustle and bustle of modern life, our mental energy is the most important currency we have. Today’s demanding remote work environment is mentally draining as employees attempt to keep up with the expectation to be “always-on” and available.

The human brain subconsciously takes mental shortcuts, called cognitive biases, whenever and wherever possible to preserve cognitive resources. While these preconceptions do not necessarily reflect reality or rationality, we rely on them to expedite and simplify information processing. These biases influence and affect not only the way we think and behave but also our decision-making process.

Unfortunately, today’s bad actors leverage these cognitive biases to launch increasingly sophisticated and personalized phishing attacks that psychologically manipulate an employee’s thoughts and actions in order to gain access to the organization’s network. Social engineering is the systematic exploitation of human cognitive biases. Successful phishing attackers know how to use cognitive biases to convince their targets to take an action they would not otherwise take voluntarily, for example clicking on a malicious link or sharing a password. As a result, these errors in our thinking process can severely impact an organization’s cybersecurity posture.

Here is a brief description of the most common methods the SecurityAdvisor team has seen cybercriminals use to target its customers:


1. Halo Effect: This is the tendency for an individual to have a positive impression of a person, company, brand, product, or service. In this type of attack, a cybercriminal pretends to be a trusted entity known to the target individual.


2. Hyperbolic Discounting: This bias refers to the inclination to choose immediate rewards over rewards that come later in the future, even when these immediate rewards are smaller.


3. Curiosity Effect: Also referred to as the Pandora effect, taken from the Greek mythology of Pandora’s box, research suggests that humans possess an inherent desire to resolve uncertainty. When facing something uncertain, they will act to resolve the tension even if they expect negative consequences.


4. Recency Effect: This is the tendency to remember the most recently presented information best or recent events that have taken place. SecurityAdvisor data revealed that some phishing attacks used the bait of COVID-19 vaccinations to lure targets to act.


5. Authority Bias: This bias states that people tend to attribute greater accuracy to the opinion of an authoritative figure. In the context of the workplace, this can include a manager, boss, or CEO.

SecurityAdvisor’s research shows that the halo effect is the cognitive bias cybercriminals exploit most often, appearing in 29% of phishing attacks. Following closely behind is hyperbolic discounting, which occurred in 28% of phishing attacks. Rounding out the top five cognitive biases cybercriminals exploit most are the curiosity effect (17%), the recency effect (5%), and authority bias (3%).
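The five lures above each leave a recognisable trace in a message: a trusted brand in the display name but a sender domain that is not the brand’s own (halo effect), an executive’s name on an external address (authority bias), a small reward tied to a deadline (hyperbolic discounting), an uncertainty hook with no business context (curiosity effect), or a current-event theme such as COVID-19 vaccination (recency effect). The following triage helper tags inbound mail with those cues and turns them into a simple risk score. It is an added example written for this page, not SecurityAdvisor’s code or any part of the report; the internal domain, executive names, brand list, phrase patterns, weights and sample messages are all constructed assumptions.

```python
"""Heuristic triage that tags inbound mail with the cognitive-bias cues
the report describes.  Added illustration, not SecurityAdvisor's code;
every name, pattern and message below is constructed for the example."""
import re
from email.utils import parseaddr

# Assumed organisation context (constructed): our own mail domain, names
# that carry authority internally, and brands staff routinely deal with.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "CEO", "raj patel": "CFO"}
TRUSTED_BRANDS = {"microsoft", "docusign", "dropbox", "paypal"}

# Phrase patterns for the lures that play on each bias (constructed).
URGENCY = re.compile(
    r"\b(within \d+ (hours?|minutes?)|immediately|expires? today|act now|last chance)\b", re.I)
REWARD = re.compile(r"\b(gift cards?|bonus|refund|prize|claim your)\b", re.I)
CURIOSITY = re.compile(r"\b(you won'?t believe|see (the )?attached|who viewed your|confidential)\b", re.I)
RECENT_EVENT = re.compile(r"\b(covid[- ]?19|vaccin(e|ation)|stimulus)\b", re.I)

# Identity cues (who the mail claims to be from) weigh more than wording cues.
WEIGHTS = {"halo_effect": 3, "authority_bias": 3,
           "hyperbolic_discounting": 1, "curiosity_effect": 1, "recency_effect": 1}


def sender_parts(from_header):
    """Return (display_name_lower, domain_lower) parsed from a From: header."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.strip().lower(), domain


def tag_bias_cues(msg):
    """Return the set of bias cues a message exhibits.

    msg is a dict with 'from', 'subject' and 'body' keys.  The tags are the
    five biases named in the report; the rules are one simple way each lure
    shows up in headers and text.
    """
    name, domain = sender_parts(msg["from"])
    text = f"{msg['subject']}\n{msg['body']}"
    external = domain != INTERNAL_DOMAIN
    cues = set()

    # Halo effect: a trusted brand in the display name, but the mail does
    # not come from that brand's own domain.
    if any(brand in name and brand not in domain for brand in TRUSTED_BRANDS):
        cues.add("halo_effect")

    # Authority bias: an executive's name on an external sender address.
    if external and any(exec_name in name for exec_name in EXECUTIVES):
        cues.add("authority_bias")

    # Hyperbolic discounting: a small immediate reward tied to a deadline.
    if REWARD.search(text) and URGENCY.search(text):
        cues.add("hyperbolic_discounting")

    # Curiosity effect: an uncertainty hook the reader is invited to resolve.
    if CURIOSITY.search(text):
        cues.add("curiosity_effect")

    # Recency effect: a lure built on a current event.
    if RECENT_EVENT.search(text):
        cues.add("recency_effect")

    return cues


def risk_score(msg):
    """Weighted sum of the cues found; identity cues dominate wording cues."""
    return sum(WEIGHTS[cue] for cue in tag_bias_cues(msg))


def triage(messages, threshold=3):
    """Return (subject, sorted cues, flagged) for each message."""
    return [(m["subject"], sorted(tag_bias_cues(m)), risk_score(m) >= threshold)
            for m in messages]


# Constructed sample messages: two lures, one legitimate internal mail that
# happens to carry wording cues, and one plain internal notification.
SAMPLES = [
    {"from": "Microsoft Account Team <alerts@mail-secure-login.net>",
     "subject": "Unusual sign-in activity",
     "body": "Verify your account within 2 hours or lose access."},
    {"from": "Jane Doe <jane.doe.ceo@gmail.com>",
     "subject": "Quick favour",
     "body": "I need you to buy gift cards for a client immediately and send me the codes."},
    {"from": "HR Team <hr@example.com>",
     "subject": "COVID-19 vaccination slots",
     "body": "See attached for the booking form."},
    {"from": "Payroll <payroll@example.com>",
     "subject": "March payslip",
     "body": "Your payslip is available in the portal."},
]

if __name__ == "__main__":
    for subject, cues, flagged in triage(SAMPLES):
        print(f"{'FLAG' if flagged else 'ok  '} {subject}: {cues}")
```

The third sample shows why the weights matter: an internal HR notice about vaccination slots with an attachment trips both wording cues, but without a sender-identity mismatch it stays below the threshold, while the brand impersonation and the executive-on-Gmail message are flagged on identity alone. Wording patterns like these drift quickly and are best treated as supporting signals for user awareness prompts rather than as a blocking rule.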

Below is a breakdown of each of the top five cognitive biases exploited by hackers.


Interested in learning more about how cybercriminals use cognitive biases to compromise enterprise security? Download the full report.
