Social engineering (at a glance)

Social engineering uses psychology to trick people into risky actions (clicking links, sharing credentials, transferring money). Attackers often lean on authority, urgency, scarcity, social proof, liking/reciprocity, and commitment/consistency, amplified by cognitive biases.

Principle cheat sheets

Authority

Attackers impersonate leaders, banks, or officials to pressure instant compliance.

Mitigation: Independently contact the organisation using a number from its official website.

Scarcity

Limited-time offers or “last chance” deals rush decisions before you can verify.

Mitigation: Pause and confirm via trusted sources—legitimate opportunities survive scrutiny.

Urgency or Fear

Threats of penalties or crises push you to react emotionally instead of thoughtfully.

Mitigation: Take a breath, verify the claim elsewhere, and resist acting while stressed.

Social Proof

Messages cite coworkers, friends, or “everyone” to normalise risky actions.

Mitigation: Confirm directly with the referenced people using a different communication channel.

Liking & Reciprocity

Compliments, gifts, or favours increase the pressure to give something back.

Mitigation: A kind tone never replaces verification—check IDs and official records before sharing data.

Commitment & Consistency

Attackers start with small “safe” asks to build momentum toward bigger compromises.

Mitigation: Reassess every new request independently, even if you agreed to earlier steps.

Anchoring

Visual tricks (look-alike domains, long or padded URLs, cloned forms) anchor your attention on familiar cues and away from the real risk.

Mitigation: Inspect the full URL, certificates, and sender details before clicking or typing.
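The "inspect the full URL" advice can be turned into a repeatable check. The following is an added example, not part of the original cheat sheet: a small Python function that takes a link and the domain you expected to land on, and reports the visual anchoring tricks most often seen in lookalike links (a familiar name placed before an `@`, the brand used as a subdomain of an unrelated domain, punycode or non-ASCII characters, missing HTTPS, very deep subdomain chains). All hostnames such as `bank.example` and `evil.example` are constructed placeholders, and the registrable-domain logic is a deliberate simplification that does not consult the Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: every hostname and URL in this file is constructed for the
# example; bank.example is a placeholder for "the site you expected".


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.

    Assumption: no Public Suffix List is consulted, so hosts under
    multi-label suffixes (e.g. example.co.uk) would need a real list.
    """
    labels = [label for label in host.split(".") if label]
    return ".".join(labels[-2:])


def inspect_url(raw, expected_domain):
    """Return a list of 'CODE: explanation' warnings for a URL.

    An empty list means none of the checks fired. It does not prove the
    link is safe; it only says the visible cues match the real host.
    """
    warnings = []
    parts = urlsplit(raw.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()

    if parts.scheme != "https":
        warnings.append(
            f"NO_TLS: scheme is '{parts.scheme or 'none'}', not https"
        )

    # https://bank.example@evil.example/ -- everything before '@' is
    # userinfo; the browser actually connects to the host after it.
    if parts.username is not None:
        warnings.append(
            f"USERINFO: '{parts.username}' before '@' is not the host; "
            f"the real host is '{host}'"
        )

    # Punycode labels (xn--...) may render as look-alike Unicode names.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("PUNYCODE: internationalised label may render as a look-alike name")

    if any(ord(c) > 127 for c in host):
        warnings.append("NON_ASCII: host contains non-ASCII characters (possible homoglyph)")

    reg = registrable_domain(host)
    if reg != expected:
        warnings.append(f"WRONG_DOMAIN: registrable domain is '{reg}', expected '{expected}'")
        # bank.example.secure-login.example: the familiar name sits in a
        # subdomain the attacker controls, anchoring attention on it.
        if expected in host:
            warnings.append(f"BRAND_IN_SUBDOMAIN: '{expected}' appears only as a subdomain of '{reg}'")

    if host.count(".") >= 4:
        warnings.append("DEEP_SUBDOMAIN: long label chain can push the real domain out of view")

    return warnings


if __name__ == "__main__":
    # Constructed sample links, one clean and several with anchoring tricks.
    samples = [
        "https://www.bank.example/login",
        "https://bank.example@evil.example/login",
        "https://bank.example.secure-login.example/verify",
        "http://bank.example/login",
        "https://xn--bnk-abc.example/",
    ]
    for url in samples:
        print(url)
        for warning in inspect_url(url, "bank.example") or ["OK: host matches bank.example"]:
            print("   ", warning)
```

Run it as-is to see the five sample links classified; in practice the expected domain would come from the organisation's own published address list, and anything with a warning is a "verify through an independent channel" case rather than a click.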

Confirmation Bias

When a message matches what you already believe, you are less likely to double-check.

Mitigation: Seek disconfirming evidence: look for official information that would show the message to be false, not just details that agree with it.

Trust Exploitation

Pretexting, secrecy, or channel hopping chips away at established safe processes.

Mitigation: Keep sensitive steps on approved systems and channels, and report (and keep a record of) any request that asks you to keep it secret or to move the conversation elsewhere.

Examples to rehearse

  • CEO fraud: urgent payment requests framed as confidential, bypassing normal approvals.
  • Parcel SMS: "delivery failed" link capturing payment details and MFA codes.
  • Fake IT reset: email forcing a password change on a cloned portal.
  • Partner drive harvest: Teams/Slack link to a "shared drive" collecting corporate logins.

Report or verify links