Pangolin Store

Falling For The Trap: Why Phishing Works

Falling For The Trap: Why Phishing Works

There is a science to how cybercriminals get us to unwittingly give access to our personal data. Everyone has triggers that could cause them to fall for a scam.

Phishing is one of the oldest and widespread weapons for cybercriminals that specialize in fraud and identity theft.

The premise is simple. You receive a link that looks legitimate, either in an email or a message from a friend or trusted institution and click it.

You’re then redirected to a site that looks authentic and are tricked into signing in with your login credentials. After that step, you’ve been compromised, especially if you use the same password and email address for multiple services.

Phishing isn’t only an issue for private citizens, either. It’s a major problem for corporations too. A study by Accenture showed that 85% of participating organizations experienced phishing and social engineering attacks.

It’s easy to see why: people are still easier to beat than cybersecurity solutions. If a criminal can convince them of authenticity, then victims might hand over control of their digital lives.

People from all walks of life have been affected by phishing, from politicians, business executives, stay-at-home parents, retirees, and more.


The specific trigger that causes someone to click a phishing link varies from person to person, but they all fall under similar umbrellas.

According to researcher Daniela Oliveira, these are:

  • Authority: Contact from someone who could be in a position of authority

  • Scarcity: An offer for something that you deem scarce and valuable

  • Commitment/Consistency: Messaging that follows your perceived way of thinking

  • Liking: Contact from people that are in the same demographic

  • Reciprocation: Requests for a favor to be returned

  • Social Proof: Doing the same as others.

Here are a few situations where one might fall for a phishing scam:

  • A seemingly innocuous email from a trusted organization such as a bank, or a service a user subscribes through like a video streaming site or online game.

  • An SMS or Whatsapp message that says you may be in some legal trouble.

  • A message from a friend with a compromised account that’s asking you to visit an interesting website.

  • An offer to sign up for a raffle that will award a valuable and rare pair of sneakers.

Additionally, Oliveira has shared that good cybercriminals take advantage of our brain’s ability to make quick decisions without fully assessing a situation.

Even worse, these malicious groups have also a developed a keen understanding of when we’re most vulnerable. They also know how to try to take advantage of our mood or alter it to make us more susceptible.

To add to the problem, phishing sites have become extremely advanced on a technical level. Many audiences may not even be able to tell the difference.

We’re all human, and we make mistakes. That’s why it’s so important to stay aware and to make sure you protect yourself against phishing and other scams online.

Join the Pangolin Community

Sign up to get notified about our latest blog posts, and get updates about Pangolin!