The psychology behind cybercrime


Small businesses face a myriad of risks daily, and in this pandemic they are facing new risks in the form of evolving cybersecurity threats. As a strategic financial partner of many small and mid-size businesses, my team and I have intimate knowledge of and insights into emerging cyber threats.

Businesses need to anticipate increasingly sophisticated cyber threats and stay a step ahead of them. During this pandemic, many businesses have turned to automation to manage their finances, making financial solutions with built-in fraud protection such as Integrated Payables, Positive Pay and Payee Verification incredibly valuable. While such protective measures are a critical first line of defense against payment fraud, businesses also need to take a proactive approach to protect against cyber risks involving consumer and financial data.

As more people are working from home, businesses are exposed to a whole new arena of risks that they didn’t have to worry about before this pandemic. Hence, educating your workers on how social engineering can be used to compromise email accounts and helping them understand how cybercriminals prey on our psychology can help your workers better identify potential threats.

Ways that cybercriminals use psychology

There are four main ways cybercriminals use psychology to persuade and bait you into giving them access to your data.

Urgency and fear

Preying on workers’ fear and urgency is probably one of the most common techniques used by cybercriminals. Cybercriminals create a sense of urgency to pressure people into making a bad decision. Some common examples are:

  • Posing as a cybersecurity company
  • Threatening a sudden account closure or asking you to dispute unauthorized purchases
  • Messages posing as important HR issues
  • Notices for expiring passwords, late payments, missing funds, etc.
  • Authority figures such as the CEO, CFO or IRS demanding immediate cooperation

Talk with your team members about how money and payment requests are handled at your business and encourage them to verify any requests that seem suspicious or deviate from the regular routine. Remind your team members that it is better to verify twice when it comes to handling money movement requests.

Courtesy and kindness

Cybercriminals use our innate sense of compassion and helpful nature to their advantage. For instance:

  • Fake charities soliciting money for humanitarian crises
  • Impersonating a colleague or friend who needs help wiring money to them
  • Social security personnel asking for verification of an SSN because their computer is down

In any of these instances, call the organization or person involved to make sure their request is legitimate.

Curiosity and excitement

Everyone likes feeling lucky and cybercriminals often use this desire to scam people. These are some common examples:

  • Ads for heavily discounted items that cannot be found anywhere else online
  • Notices that you are the winner of prize money or a contest that you did not apply for
  • Clickbait video and photo links

As the saying goes, if it seems too good to be true, it probably is. Be sure to verify the source and contact the organization directly instead of clicking on the link.

Ignorance and trust

This is a broad category and sometimes the “bait” looks harmless, which makes it even more convincing:

  • Spear phishing, which means individually targeted scams using data specific to the victim
  • Survey scams where you may be asked to input personal information
  • Social media messaging

Remind your workers to limit social media use on their work computer and to avoid clicking on links from unknown sources. And even if the source is known, if the request seems out of the ordinary, always contact the people making the request directly instead of just replying to the email.

Follow these best practices to protect your data

Knowing these common examples can save your business from falling victim to ransomware and data breaches. To add an extra layer of defense, use these best practices to protect your data:

Data collection

Know what type of data you want to collect and how.

Data storage

Decide where you want to store the data. Be sure to store it on a trusted platform that uses encryption.

Data sharing

Most systems are cloud-based and share data within an ecosystem (e.g. connecting Shopify with QuickBooks). Do not rely solely on systems to protect your data. Instead, know where your data is and who has it in the event of a data breach. In addition, knowing when and how your business intends to use customer data is important. As a business owner, you need to know the implications of using customer data and your customers' right to privacy. This will increase your customers’ trust in your organization.

Understanding these basics will put your business in a better position to prevent a data breach. And talking to your banking partner about how you can manage and protect your data can save your business from reputational damage and financial loss.

About Joe Chow

