Social engineering works because people naturally trust others and often make decisions quickly when under pressure. Attackers take advantage of common human behaviours and emotional responses to influence their victims.

Some common psychological techniques used in social engineering attacks include:

Urgency

Attackers create a sense of panic or urgency to pressure victims into acting quickly without thinking carefully.

Example:

“Your account will be locked within 24 hours unless you verify your details immediately.”

Authority

Attackers may pretend to be figures of authority such as managers, banks, government organisations, or technical support staff.

Example:

“This is the IT department. We need your password to resolve an issue with your account.”

Trust

Many attacks rely on creating a false sense of legitimacy or familiarity. Attackers may impersonate trusted organisations or individuals to appear believable.

Example:

An email pretending to be from PayPal, Amazon, or a colleague.

Fear

Fear is commonly used to manipulate victims into reacting emotionally instead of rationally.

Example:

“Suspicious activity has been detected on your bank account.”