Skip to content Skip to Search
Skip navigation

Why do we click? The psychology behind phishing attacks

Understanding our online behaviour is a crucial step towards protecting our digital lives and businesses

Hand about to click computer mouse Pexels/Roberto Cosentino
A sense of urgency or a intriguing proposition can be all it takes to trigger that fateful click

The majority of cyberattacks in the Middle East rely on social engineering, malware, or exploitation of software vulnerabilities. Around 80 percent of successful attacks are of a targeted nature, according to a recent report from Positive Technologies.

So why do we click? Given that October is Cybersecurity Awareness month, let us look at the things that make us click and how we can ensure not to be tricked by cybercriminals.

Our personal and professional lives are entangled in the vast networks of the internet, and social engineering exploits this entanglement, often with a single, well-placed deception.

Over the years, I have become increasingly intrigued by the psychology that underpins these deceptions, particularly as they’ve evolved with the advent of disinformation and generative AI.

The landscape of phishing and social engineering attacks is not what it used to be. Once characterised by poorly written emails from a supposed “Prince”, today’s attacks are sophisticated, tailored and believable.

The rise of disinformation campaigns and generative AI has added another layer of complexity.

These technologies can generate realistic and personalised messages that can easily deceive an unsuspecting individual. This evolution reflects a deep understanding of human psychology and our sociable nature.

Four approaches

What makes us click? At the heart of social engineering lies a profound understanding of human behaviour and psychology. Attackers prey on our innate tendencies – trust, curiosity, fear and sense of urgency. 

  • Trust is our social glue, yet, in the digital realm, it can lead to mistakes. An adeptly created email impersonating a trusted colleague or a reputable organisation can catch us off guard, and we fall into the trap.
  • Curiosity is another aspect of human nature that phishers exploit. An exciting proposition or a message with a cliff-hanger exploits our inquisitive nature, and we unknowingly click.
  • Fear is a potent tool that cybercriminals misuse. A fabricated tale of a security breach or a compromised account compels us to delve further and we click open the malicious email. 
  • Creating a sense of urgency is often the coup de grâce in the phisher’s scheme. A concocted narrative of a fleeting opportunity or an imminent threat compels us to act hastily, and we ignore our instinct and the feeling of scepticism that might have otherwise saved us.

A well-crafted phishing email may impersonate a trusted colleague, stoke fear about a supposed security breach, or spark curiosity with a “too-good-to-be-true” proposition and before we know it, we’ve clicked and the malicious cycle begins.

Exploiting fear

Recent years have seen a spate of successful social engineering attacks that underscore the effectiveness of these psychological exploits.

Take, for example, the exponential rise in phishing-related scams during the Covid-19 pandemic. Cybercriminals preyed on the global fear and uncertainty, crafting emails impersonating health organisations or offering essential supplies.

The psychological underpinning was clear: exploit the pervasive fear and urgency to prompt a click, a download or a share of sensitive information.

The psychological sophistication of these attacks begs the question: How do we safeguard against an enemy that understands us so well?

Education and awareness are crucial first steps. Understanding the psychology of social engineering and the tactics employed by cybercriminals can foster a healthy sense of scepticism and caution.

It is also important to avoid haste and distractions when dealing with technology, even if it is just an email. If the email is from a colleague or an organisation, verify with them directly on a separate communication platform before responding to their initial communication channel.

Trust your instinct: there will be a red flag if you read carefully and examine the message.

Moreover, it is important for individuals and organisations to adopt robust cybersecurity measures and stay abreast with the evolving threat landscape. 

The marriage of psychology and technology in the realm of social engineering presents a formidable challenge. As the line between the real and the digital continues to blur, so does the line between trust and deception.

The onus is on us to remain vigilant, to question the too-good-to-be-true, and to foster a culture of cybersecurity awareness that can withstand the psychological onslaught of social engineering.

Do remember that you don’t just win without doing anything and hardly anything comes for free. Be especially careful with links and downloads.

In an era where disinformation and sophisticated digital deceit are the norm, understanding the “why” behind our clicks is not merely a matter of intellectual curiosity, but a crucial step towards protecting our digital lives and businesses against the ever-evolving threat of social engineering.

Matthew White is a partner at PwC Middle EastHe leads the cybersecurity and digital trust practice for the region and is a leader in virtual assets

Latest articles

Machine, Architecture, Building

Arabian Mills gets nod to sell 30% stake on Saudi bourse 

Arabian Mills for Food Products will list 15.4 million shares, or a 30 percent stake, on the Saudi stock exchange, the kingdom’s market regulator has said. The Capital Markets Authority (CMA) approved the company’s public floatation application on Monday, adding that the prospectus will be published before the subscription start date. No other details of […]

Properties overlooking the bay in Muscat. Property prices in the capital fell more than 5 percent

Oman’s real estate sector continues to slide

Apartment prices in Oman dropped more than 17 percent in the first quarter of 2024, while villa prices rose a meagre 0.8 percent, according to the latest government figures. Residential real estate prices were down across the board quarter on quarter, including those for land. The Musandam region recorded the largest overall decline at 15.7 […]

Shoppers choose vegetables in Istanbul; inflation means people are spending on essentials

Turkish retailers’ confidence wavers as inflation bites

Confidence is falling among Turkish retailers, according to a survey from the country’s statistics agency Turkstat. Shoppers have been scaling back on big-ticket purchases, spending instead on basic consumer goods as inflation piles pressure on household incomes. May’s business confidence report, released by Turkstat on June 24, showed sentiment in the retail sector at its […]

Water is handed out to pilgrims in Mecca. Hundreds of pilgrims without a Hajj permit died during extreme heat last week

Egypt shuts down 16 travel companies after Hajj tragedy

Egypt has withdrawn the operating licences of 16 travel companies for organising unlicensed Hajj trips to Saudi Arabia. A statement from the Egyptian government said the companies would be prosecuted and fined, with the funds used to compensate pilgrims’ families for their loss.  Hundreds of Egyptians were among 1,301 people who died of exposure to […]