Visual of credit card phishing scam, representing a common passive attack.

The Psychology of Falling for a Phishing Email

Visual of credit card phishing scam, representing a common passive attack.

Phishing is a cybercrime that has been around for many years, where targets are sent malicious emails claiming to be from a legitimate individual or organization to trick them into disclosing their sensitive information. Phishing emails remain a major threat today, however despite increased awareness of the cybercrime, cybercriminals continue to fool their targets into their traps, thus successfully carrying out these attacks. How do these attackers continuously find success in tricking their victims? The answer may lie in human psychology.

Marika Samarati, writer of The psychology behind phishing attacks believes that phishing is, “the act of psychologically manipulating people into performing actions or divulging confidential information for malicious purposes.”

How Do Cybercriminals Successfully Phish Their Targets?

Samarati believes that for a phishing attack to be successful, the cybercriminal needs to rely on the target being manipulated more than the technical skills of the criminal. In his argument, for the target to take the bait and ultimately fall for a phishing scam, a cybercriminal must understand human nature to determine how they will behave and react to the email. By understanding what content will gain the desired reaction from the target, the criminal can choose the best course of action in how they will approach them.

Samarati provides his insight as to how cybercriminals maximize the success of a phishing email:

  • They send it when people are more vulnerable and stressed – late in the afternoon, on Fridays or at the end of the month, for instance.
  • They spoof C-suite managers’ email addresses to make sure low-level staff do as requested without arousing suspicion.
  • They take advantage of real-life events, like tax return deadlines, etc.
  • They use fear tactics and urge the recipient to act promptly.

Who’s a Target?

When it comes to who is a target for a phishing email, the possibilities are endless. Phishing comes in several forms and targets everyone, from low-level employees to CEOs and other top executives.

Spear-Phishing

In a spear-phishing attempt, the cybercriminal has a target in mind, whether that be an individual or an organization. Spear-phishing emails pose a tremendous threat because unlike random phishing attempts, these malicious emails generally look more legitimate and are crafted with your personal information or interests in mind.

BEC Scams

Business Email Compromise (BEC) scams, target CEOs, top executives, or managers from organizations to spoof their email accounts and ultimately attempt to make a victim out of lower-level employees. In a BEC scam, the cybercriminal typically does their research to find out who the CEO is and which employees they are going to target by sending them malicious emails appearing to come from their boss or company executives.

The Rise in Phishing

According to the Symantec 2018 Internet Security Threat Report, 71% of all targeted attacks last year started with spear-phishing, making it the most widely used infection vector. Not only are phishing attacks increasing, but they are also evolving. Using Samarati’s approach as an explanation, the increase, and evolvement of phishing emails may be a result of cybercriminals developing a firmer understanding of human psychology and how they can best be manipulated.

Are Your Employees Putting Your Organization at Risk?

Educating your staff about phishing is crucial in protecting your organization. Employees should know what to look out for to spot a phishing email and how to avoid falling victim to one. In addition to training, running a simulated phishing attack to test your employees’ knowledge on how to spot a phishing email will help keep them on their toes and show you which employees need additional training.

badge w light burst white (1)
Exclusively for Our MSP Partners

Now Available: Gen AI Certification From BSN

Lead Strategic AI Conversations with Confidence

Breach Secure Now’s Generative AI Certification helps MSPs simplify the AI conversation, enabling clients to unlock the value of gen AI for their business, build trust, and drive growth – positioning you as a leader in the AI space.

More on blogs

Why Continuous Training Beats One-and-Done Cyber Awareness

Cyber threats evolve constantly, which means annual cybersecurity training is not enough to keep employees prepared. Learn how continuous training, phishing simulations, remediation, and short

The AI Boomerang Effect: Why Companies (and AI) Still Need Employees

The AI Boomerang trend is proving that AI does not eliminate the need for skilled employees. Instead, organizations need people who know how to use

From MSP to MIP: BSN’s Key Takeaways from Pax8 Beyond 2026

The BSN team returned from Pax8 Beyond 2026 with valuable insights on AI adoption, cybersecurity, compliance, and the industry's shift from Managed Service Providers to
Take the First Step

Experience Training That Makes a Difference

during the demo you’ll:

Take the First Step

Experience Training That Makes a Difference

During the demo you’ll:
situs toto toto toto togel sesetoto desa wisata pujon kidul 13 situs toto toto slot toto slot toto slot toto slot toto slot akuntoto slot gacor slot gacor toto togel toto slot toto slot toto slot toto togel situs toto situs toto https://www.timexplywoodanddoors.com/clients/ toto slot toto slot toto togel toto slot slot hoki99 toto slot gacor bwo303 bwo99 toto slot bwo99 toto slot situs togel toto slot toto slot toto slot online slot 4d bwo99 AMANAHTOTO AMANAHTOTO toto togel slot toto https://saint-mathieu.com/spcaroussillon/ slot 4d toto slot slot 4d toto slot toto slot togel slot situs indobet akuntoto slot toto slot 4d babeh188 situs toto agb99 toto toto slot toto slot 4d slot depo 10k situs toto toto togel situs toto toto slot toto togel toto slot toto slot toto toto situs toto toto slot 8kuda4d toto slot judi bola toto situs toto link slot situs toto situs toto toto toto slot situs toto slot toto toto togel situs toto eropa99 login logototo RTP toto slot leon188 situs toto 8kuda4d situs slot gacor situs toto situs toto situs toto situs toto situs toto ilmutoto panen100 mix parlay toto slot toto slot situs toto situs toto situs toto situs toto situs toto toto slot situs toto agen toto togel mawar800 situs toto situs toto titi4d titi4d rtp slot slot gacor mataramtoto pascol4d resmi toto slot gacor mataramtoto toto PASCOL4D Toto slot 5000 bobatoto ltdtoto sontogel akuntoto ketuatoto bejototo logototo amavi5d sesetoto kientoto ComfortbetGroup slot gacor popo togel mataramtoto mataramtoto https://pawpaw4dnn.com/ Sukaspin slot https://webet188tiga.world/ sbobet88 sbobet88 rasa4d https://cookingpantry.com/ toto mataramtoto slot gacor slot gacor situs toto slot gacor slot semibola MAHKOTAWD VISI4D