When geopolitical tensions rise, whether due to conflicts like the current one involving Iran or other global flashpoints, many organizations focus on physical security, supply chains, or political implications. But there is another battlefield that lights up almost immediately: the human mind.
Cybercriminals and threat actors do not just watch the news like everyone else; they are good at weaponizing it, and when stress, uncertainty, and fear are running high, social engineering attacks become significantly more effective.
Crisis Creates Opportunity…for Attackers
There is an old political adage that says, “Never let a good crisis go to waste.” We do not need to worry about that when it comes to criminals. They know it. They live for it.
Let’s start with something we already know. Cybercriminals go where the opportunity is. Motivations like financial gain, data theft, disruption, and even ideological influence drive many attacks.
Global conflict checks all three boxes.
When tensions involving any political issues, major conflicts, disasters, or other events escalate, we typically see:
- Increased media consumption
- Rapid information sharing (often without verification)
- Emotional reactions such as fear, anger, and/or uncertainty
That combination is exactly what social engineering campaigns thrive on, and let’s face it, attackers do not need zero-days when they have headlines.
The Psychology Behind Why This Works
Remember that social engineering is not really a technical attack; it is a psychological one. This psychological attack also drives physical responses, such as the release of cortisol and its associated impact on the brain. Cortisol suppresses activity in the prefrontal cortex, the brain region that controls decision-making, planning, impulse control, and social behavior, while stimulating the amygdala, which often heightens feelings of fear and vigilance, making you more alert but also more reactive and emotionally driven.
Does “suppressed impulse control” and being “emotionally driven” sound like a good combination to you? It does to attackers.
Research shows these attacks exploit weaknesses in human cognition, especially when people are:
- Under stress
- Experiencing high cognitive load
- Distracted or overwhelmed
And of course, global conflict, politics, and disasters increase all three.
Studies in psychology have demonstrated that stress directly degrades decision-making ability. In simple terms, when people are stressed, they make faster but less critical decisions. You know, like checking a URL before clicking on a link in a message.
That is precisely what the bad actors are after.
Emotional Triggers: The Real Attack Surface
When news broke about the conflict involving Iran, attackers quickly pivoted their lures to match the narrative. These are not random phishing emails or text messages; they are carefully crafted psychological hooks. The same thing happened after the most recent L.A. protests, the Air India disaster, and especially during the COVID-19 pandemic. It is all out of the same playbook, and it is in the playbook because it works.
Common themes include:
- “Breaking news” alerts
- “Urgent security updates”
- Donation or humanitarian aid requests
- Government or military impersonation
These work so well because they tap into predictable human behaviors:
- Fear - “Is something happening near me?”
- Urgency - “I need to act now.”
- Authority - “This came from a government agency.”
- Curiosity - “I need to know more.”
Most of our brains are hardwired to have the same basic response. It is how we survived being chased by giant lizards in the past. Clearly, it worked, since we are here, and the giant lizards are mostly gone.
Social engineering campaigns are specifically designed to manipulate these emotional reactions and cognitive biases. When those emotions are already elevated, or when we are mentally overstimulated by trying to keep up with developments in real-world events, the attacker does not have to work nearly as hard.
Stress + Urgency = Bad Decisions
One of the most dangerous combinations in cybersecurity is stress paired with urgency. Research on scam behavior shows that time-pressure cues significantly increase the likelihood that a victim will comply with a fraudulent request.
Think about it:
- “Act now before escalation!”
- “Immediate response required due to international threat”
- “Your account may be impacted by sanctions! Verify it now.”
These messages are engineered to bypass rational thinking. The fact that the urgency is not directed at us is also why we can look in from the outside and easily spot the threat, even when the target does not.
When urgency is introduced, the brain shifts toward automatic decision-making (often called “System 1 thinking,” based on the work of Daniel Kahneman), which is fast but also far more prone to error and manipulation.
Real-World Examples You Are Likely to See
During periods of tension involving Iran, organizations and individuals should expect to see:
1. Phishing Campaigns Using Breaking News
Emails or texts disguised as:
- News outlets
- Intelligence briefings
- “Leaked” reports
These often contain malicious links or attachments.
2. Financial and Donation Scams
Attackers exploiting empathy and confusion:
- Fake charities
- “Emergency aid” requests
- Cryptocurrency donation campaigns
Emotional appeals override normal skepticism.
Business Email Compromise (BEC) with a Geopolitical Twist
We know that BEC attacks are already highly effective. You only need to look at published losses by the FBI or other law enforcement organizations.
Now add a global crisis:
- “Due to instability in the region, we need to reroute payments.”
- “Urgent vendor change due to sanctions”
Toss in the crisis angle, and the scenarios become far more believable.
3. Disinformation and Influence Campaigns
Not all attacks are about money.
Some are about:
- Shaping public perception
- Creating panic
- Undermining trust
These campaigns often blend social engineering with misinformation, targeting both individuals and organizations.
I have a love/hate relationship with social media over this. I love keeping in touch with family and friends, but I hate the misinformation and disinformation that permeates these platforms and the hate and vitriol it causes.
Why Even Smart People Fall for It
There is a dangerous myth in cybersecurity: that only “untrained” users fall for scams, or that people who do are unintelligent.
This cannot be further from the truth. Even smart people fall for them when the right message hits at the right time.
Research shows that:
- Social engineering succeeds by triggering automatic, subconscious responses
- Even experienced individuals are vulnerable under stress
- Human error is involved in the majority of breaches (up to ~60–68%)
In other words, this is not about intelligence; it is about being human. Let’s cut some people who fall for these things some slack.
What Organizations Should Be Doing Right Now
If geopolitical tensions are rising, your security posture should adjust accordingly.
This is where the concept of layered defense becomes critical (again, nothing new, but often overlooked in practice).
Focus Areas:
1. Increase Awareness in Real Time
Do not wait for annual training. If you are only training annually, this is a good time to make some meaningful adjustments to that cadence. Quick microlearning can be great here, with a focused message and guidance on how to protect against potentially related threats.
Tie any awareness messaging directly to the current events:
- “Expect scams related to the Iran conflict.”
- “Do not trust unsolicited ‘breaking news’ links.”
2. Reinforce Verification Culture
Especially for:
- Financial transactions
- Vendor changes
- Sensitive data requests
Attackers rely on urgency, and verification kills their momentum. Make sure the verification is done through an out-of-band method. In other words, do not do something like call a phone number included in the message to confirm. Use something like a known-good number or a Slack/Teams chat to confirm.
3. Monitor for Themed Campaigns
Security teams should:
- Watch for spikes in phishing using geopolitical keywords
- Adjust filters for trending lures
4. Train for Emotional Awareness, Not Just Technical Indicators
Traditional training says:
- “Look for suspicious links.”
Modern training should also say:
- “Be cautious when something makes you feel urgency or fear.”
Because that feeling is often the attack. We should train people so that when they have a strong emotional response to an email, phone call, text message, etc., they take a deep breath and look at the message more critically.
Final Thoughts: The Battlefield Has Expanded
Conflict no longer stays confined to physical borders.
It spills into:
- News feeds
- Email inboxes
- Messaging platforms
- Social media
And ultimately, into human decision-making. Modern cybercriminals understand something we sometimes forget: You do not need to hack a system if you can influence a person.
When global or political tensions rise, whether involving Iran or another region, or when a major disaster occurs, organizations must recognize that their people become the primary target.
Because in times of stress, people are under the most pressure, and that is exactly when attackers strike.
Let’s help arm our employees, friends, and family with the defenses they need to counter these threats.
