[INFOGRAPHIC] 9 Cognitive Biases Hackers Exploit the Most

Cross post from our blog!


Stu Sjouwerman


Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one.

People, no matter how tech-savvy they are, are often duped by social engineering scams such as CEO fraud, because those scams exploit familiarity and a sense of immediacy.

Bad actors know how to tap into the “mental shortcuts” known as cognitive biases and use them to manipulate employees into compromising sensitive information or systems.

Check out this infographic, with examples of the top cognitive biases hackers use the most:


Here are the nine cognitive biases with examples:

  1. Hyperbolic Discounting: Choosing immediate rewards over rewards that come later in the future.
     *Example:* Free coupon or special deal scams

  2. Habit: The tendency of users to follow recurring habits.
     *Example:* Phishing emails delivered at a specific time of day

  3. Recency Effect: Remembering the most recently presented information or events best.
     *Example:* Phishing attacks referencing current events

  4. Halo Effect: When positive impressions of a person, company, etc., influence your overall feeling of that person or company.
     *Example:* Scam messages from well-known brands

  5. Loss Aversion: The tendency to prefer avoiding losses to acquiring equivalent gains.
     *Example:* Phishing attacks threatening credit score damage

  6. Ostrich Effect: Avoiding unpleasant information (hiding your head in the sand).
     *Example:* Phishing emails warning that action must be taken quickly or else

  7. Authority Bias: Attributing greater accuracy to the opinion of an authoritative figure.
     *Example:* Hackers spoofing important messages from the CEO

  8. Optimism Bias: Overestimating the probability of positive events while underestimating the probability of negative events.
     *Example:* Phishing emails offering fake job opportunities or insider information

  9. Curiosity Effect: Acting to resolve curiosity even if it could lead to negative consequences.
     *Example:* Phishing attacks offering limited-time offers or secret information

With our free whitepaper, explore how a better understanding of the ways hackers dupe users can help you identify potential cognitive biases and build a comprehensive security awareness training program that can be a game-changer for your organization’s security culture.