The Psychology of Data Theft: Tricks Social Engineers Use and How to Fight Back

Identity theft has reached epidemic proportions, with millions of stolen credit card numbers, Social Security numbers and bank account data for sale on the dark web and millions more traded on secret hacking sites. Cybercriminals use a multitude of tactics to obtain this ill-gotten booty, from backdoors planted inside compromised computers to keyloggers embedded deep within the operating systems powering popular mobile devices. As users grow wise to these cyber threats, the bad guys are adapting their tactics, adjusting the way they do business in an attempt to trick people into giving up information they would not otherwise give up. One of the slyest and most dangerous forms of cybercrime takes advantage of human psychology, making it particularly challenging to combat. This insidious form of cybercrime is known as social engineering. It has been successful with everyone from ordinary home users to the executives at Fortune 500 companies. If you want to protect yourself, your devices and your data, understanding how the cybercriminals operate and how they trick their victims is a smart place to start. Here are some of the most popular tricks and how to fight back in an increasingly treacherous digital landscape.


Whether it is gold coins, gourmet foods that are hard to come by or the latest internet fad, scarcity drives demand and prices up. You may recall the fistfights over Cabbage Patch dolls back in the 1980s or the more recent physical tussles over chicken sandwiches, when the principle of scarcity was on full display.

Social engineers understand the value of scarcity, and they use that psychological weakness to entice their victims. They may pretend to have something everyone wants, and they count on human greed and fear-of-missing-out to do the rest. You can fight back against this artificial scarcity by watching the news and examining the psychological underpinnings of this profound human need. The more you know, the easier it will be to resist.


Cybercriminals know that getting people to act against their own best interests is hard, especially when their victims must overcome a healthy level of skepticism. Someone who receives a call out of the blue asking for a Social Security number or bank account information is unlikely to comply. Still, the victim who gets the same request from a bank president or government representative may think twice before saying no.

The same principle of authority compliance is at work in most forms of spear phishing – targeted attacks designed to ensnare executives and others with decision-making power. These social engineering attempts may appear to come from trusted business associates, members of the financial press and others who exude a certain authority.

You can protect yourself from these authoritative attacks by doing some extra research. If you get a phone call or email from the IRS, you can call your tax preparer to see if there is actually a problem or if it is all a scam. If your “boss” asks you to wire a large sum of money to a supposed vendor, call for confirmation before making the transaction. You can also educate yourself about these kinds of scams, so you will know what to look for and how to avoid becoming the next victim.


The concept of reciprocity is at the heart of human psychology, but it is most apparent during the holiday season. When someone unexpectedly gives you a gift, you feel bad if you do not have a gift to offer in return.

It does not matter how small or insignificant that unexpected gift is; you still want to reciprocate with a present of your own. Cybercriminals are fond of exploiting that very human tendency, and they use that knowledge to fine-tune their offers.

Cybercriminals may, for instance, dangle the promise of a lottery win, asking only a small processing fee or advance tax payment in return. Of course, there is no lottery prize, and any cash you send is most likely gone forever.

Recognizing this tendency to give a gift to get a gift is the best way to fight back, paired with your common sense and intuition. Unlike the holidays, when relatives show up unexpectedly, a stranger is unlikely to turn up in your email box with a present. If it feels suspicious or makes you in any way uncomfortable, it’s in your best interest to second-guess the motivation of the supposed benefactor.


Cybercrime is becoming more sophisticated by the day, with armies of hackers and state-sponsored actors trying to separate victims from both their hard-earned cash and their private information. Social engineering tactics take those efforts to the next level, employing psychological principles to trick their victims in several different ways. The best way to fight back against these intrusions is to be aware of them, be cautious of messages from unknown or unlikely sources, and remain on the lookout for the dangers listed above.