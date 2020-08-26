We all know the feeling, that awful sinking in your stomach when you realize you’ve clicked a link that you shouldn’t have. Maybe it was late at night, or you were in a hurry. Maybe you received an alarming email about a problem with your paycheck or your taxes. Whatever the reason, you reacted quickly and clicked a suspicious link or gave away personal information before realizing you had made a dangerous mistake.

You’re not alone. In a recent survey conducted by my company Tessian, 43% of people admitted to making a mistake at work that had security repercussions, while nearly half (47%) of people working in the tech industry said they’ve clicked on a phishing email at work. In fact, most data breaches occur because of human error. Hackers are well aware of this and know exactly how to manipulate people into slipping up. That’s why email scams—also known as phishing—are so successful.

Phishing has been a persistent problem during the COVID-19 pandemic. In April, Google alone saw more than 18 million daily email scams related to COVID-19 in a single week. Hackers are taking advantage of psychological factors such as stress, social relationships, and uncertainty that affect people’s decision-making. Here’s a look at some of the psychological factors that make people vulnerable and what to look out for in a scam.

Stress and anxiety take a toll

Hackers thrive during times of uncertainty and unrest, and 2020 has been a heyday for them. In the last few months they’ve posed as government officials, urging recipients to return stimulus checks or unemployment benefits that were “overpaid” and threatening jail time. They’ve also impersonated health officials, prompting the World Health Organization to issue an alert warning people not to fall for scams implying association with the organization. Other COVID scams have lured users by offering antibody tests, PPE, and medical equipment. Where chaos leads, hackers follow.

The stressful events of this year mean that cybersecurity is not top of mind for many of us. But foundational principles of human psychology suggest that these same events can easily lead to poor or impulsive decisions online. More than half (52%) of those in our survey said that stress causes them to make more mistakes. The reason for this has to do with how stress impacts our brains, specifically our ability to weigh risk and reward. Studies have shown that anxiety can disrupt neurons in the brain’s prefrontal cortex that help us make smart decisions, while stress can cause people to weigh the potential reward of a decision over possible risks, to the point where they even ignore negative information.

When confronted with a potential scam, it’s important to stop, take a breath, and weigh the potential risks and negative information, such as suspicious language or misspelled words. Urgency can also add stress to an otherwise normal situation—and hackers know how to take advantage of this. Look out for emails, texts, or phone calls that demand money or personal information within a very short window.

Hacking your network

Some of the most common phishing scams impersonate someone in your “known” network, but your “unknown” network can also be manipulated.