October is recognized as Cybersecurity Awareness Month by the U.S. Department of Homeland Security. Throughout the month NCRA will be providing you with information and tips to help you stay safe and keep your information secure online. This week we cover the origins of online scams, explain how cybercriminals use fear tactics to manipulate you, and offer advice on how to not be a victim.
A short history of phishing emails
Phishing emails, or fraudulent emails intended to scam users out of money or into revealing sensitive information like passwords or account numbers, first appeared in the late 1990s. Early phishing emails were typically generic and riddled with spelling and grammar errors.
By the mid-2000s, hackers had moved away from gimmicks (like the infamous “Nigerian Prince” scam) and began using emails that looked more like legitimate correspondence from government agencies and recognizable businesses. The formatting was much cleaner, and the messages often carried a sense of urgency, impersonating organizations like the IRS to pressure victims into revealing personal information.
Today phishing has evolved into a highly targeted and emotionally manipulative practice. Attackers leverage AI to create thousands of personalized messages instantly, hitting emotional pressure points with themes of fear, urgency, and authority. In our overstimulated digital world where we are constantly bombarded with emails and notifications, fear has become a highly effective tool for cutting through the clutter and pressuring users to fall for more sophisticated scams.
Three effective fear tactics: Triggering an alarm, creating a sense of urgency, leveraging authority
Cybercriminals frequently use fear as a tool to manipulate victims. By triggering the brain’s threat response system, scams can cause an immediate feeling of panic, which bypasses rational thought. When a person perceives a threat, the brain moves into “fight, flight, or freeze” mode. A common example is a vishing (voice phishing) phone call where a scammer threatens arrest or legal action, triggering a powerful fear response that makes the victim more likely to comply with demands without questioning them.
In addition to fear, scammers can create a sense of urgency to pressure victims into making quick decisions. This tactic is designed to eliminate the time needed for critical thought and verification. A typical example is a phishing email that warns the recipient that their account will be locked or deleted if they don’t reset their password within a specific, short timeframe. This artificial deadline creates a sense of panic and anxiety, making it less likely that the recipient will take the time to notice red flags before clicking on a malicious link.
Finally, scammers might leverage a sense of authority to gain trust. Humans are socially conditioned to respect and obey authority figures. Scammers exploit this by impersonating figures of authority such as CEOs, government officials, or IT administrators. A common example is a smishing (SMS phishing) text message that appears to be from a boss or a company executive asking an employee to wire money or send gift cards. The victim is more likely to trust the request and comply without verification, believing it’s coming from a legitimate source.
How to protect yourself
When an unexpected message triggers feelings of fear, anxiety, or pressure to act, it’s essential to recognize it as a red flag. Once you’ve learned to spot the manipulation, you can learn how to respond.
- Name the emotion: The first step is to name the emotion you’re feeling. For example, if you receive an email with a subject line like “Missed payment! Your account will be locked unless you act now,” you can mentally state, “I’m feeling rushed. This email is triggering urgency.” This simple act of identifying the emotion helps to tone down the fear and create a moment of clarity.
- Pause and breathe: Another way to slow down your response is to take some deep breaths. This will help you to calm you down, pause, and get out of panic mode.
- Anticipate and visualize a response: Another common fear-based email or text could alert you that an unusual login has been detected and ask you to “verify your login or your account will be disabled.” Instead of clicking the link right away, you might want to visualize responses before acting. This could involve closing the message and independently verifying the claim through an official channel, such as by logging into your account directly through the company’s website or calling a known customer service number.
The most effective way to handle online threats is to be suspicious and take control of the situation. Never click on links or provide information directly from an unexpected message — reach out to the sender separately to verify its legitimacy. Remember, legitimate organizations will never demand immediate action or threaten you with a vague sense of urgency or fear. By training yourself to pause, name the emotion, and respond with a pre-planned, calm action, you can effectively disarm the manipulative tactics that scammers use and protect yourself from their attacks.
