[INFOGRAPHIC] 9 Cognitive Biases Hackers Exploit the Most

Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one.

People, no matter how tech-savvy, are often duped by social engineering scams such as CEO fraud, because those scams trade on familiarity and immediacy.

Bad actors know how to tap into the "mental shortcuts" known as cognitive biases and use them to manipulate employees into compromising sensitive information or systems.

Check out this infographic, with examples of the top cognitive biases hackers use the most:

Here are the nine cognitive biases with examples:

  1. Hyperbolic Discounting: Choosing an immediate reward over a larger reward that comes later.
    Example: Free coupon or special deal scams

  2. Habit: The tendency of users to follow recurring routines.
    Example: Phishing emails delivered at a specific time of day

  3. Recency Effect: Remembering the most recently presented information or events best.
    Example: Phishing attacks referencing current events

  4. Halo Effect: When positive impressions of a person, company, etc., influence your overall feeling of that person or company.
    Example: Scam messages from well-known brands

  5. Loss Aversion: The tendency to prefer avoiding losses to acquiring equivalent gains.
    Example: Phishing attacks threatening credit score damage

  6. Ostrich Effect: Avoiding unpleasant information (hiding your head in the sand).
    Example: Phishing emails warning that action must be taken quickly "or else"

  7. Authority Bias: Attributing greater accuracy to the opinion of an authoritative figure.
    Example: Hackers spoofing important messages from the CEO

  8. Optimism Bias: Overestimating the probability of positive events while underestimating the probability of negative events.
    Example: Phishing emails offering fake job opportunities or insider information

  9. Curiosity Effect: Acting to resolve curiosity even if it could lead to negative consequences.
    Example: Phishing attacks offering limited time offers or secret information

Our free whitepaper explores how a better understanding of the ways hackers dupe users can help you identify the cognitive biases at play and build a comprehensive security awareness training program, which can be a game-changer in improving your organization's security culture.
