Course Content
Introduction
Social engineering attacks are successful because they exploit predictable aspects of human behaviour. One of the most important concepts behind these attacks is cognitive bias. Cognitive biases are patterns in the way people think and make decisions, particularly when under stress, pressure, or emotional influence. Attackers take advantage of these biases in order to manipulate victims into making poor security decisions. Rather than hacking computer systems directly, social engineers often “hack” human behaviour by exploiting emotions such as fear, trust, urgency, and authority. Understanding cognitive bias is important because it helps explain why even intelligent and security-aware individuals can still fall victim to phishing and manipulation-based attacks.
Understanding Cognitive Bias in Social Engineering

Authority Bias

Authority bias occurs when people are more likely to trust or obey someone they believe is in a position of authority.

Attackers may pretend to be:

  • managers,
  • banks,
  • government organisations,
  • police officers,
  • or IT support staff.

Because victims believe the attacker has authority, they may follow instructions without properly questioning them.

Example:

“This is your company’s IT department. Your account needs to be verified immediately.”


Urgency Bias

Urgency bias occurs when people make rushed decisions because they feel pressured by time.

Attackers commonly use phrases such as:

  • “Act now”
  • “Immediate action required”
  • “Your account will be suspended”

The goal is to prevent victims from slowing down and thinking carefully about the situation.

Example:

“Your bank account will be locked within 24 hours unless you confirm your information.”


Trust Bias

Trust bias occurs when people are more likely to believe messages from organisations or individuals they recognise.

Attackers often impersonate:

  • trusted companies,
  • delivery services,
  • universities,
  • or coworkers.

This creates a false sense of legitimacy.

Example:

A phishing email pretending to come from PayPal or Amazon.


Fear Bias

Fear is a powerful emotional tool used in many social engineering attacks.

When people become anxious or frightened, they are more likely to react emotionally rather than rationally.

Attackers may claim:

  • your account has been hacked,
  • illegal activity has occurred,
  • or urgent financial action is required.

Example:

“Suspicious activity has been detected on your account.”