Cyber Safe: The psychology of cybercrime – How hackers hack your mind

By Dan Dueck on June 12, 2025.

The modern landscape of social engineering is a growing threat,

Social engineering is evolving rapidly, with cybercriminals using increasingly sophisticated methods to manipulate individuals and gain access to sensitive information.

From phishing emails to browser hijacks, cybercriminals are no longer just targeting high-risk sites, but are infiltrating seemingly innocent activities, like searching for recipes. At my business, I’ve seen a sharp increase in these types of attacks, particularly through browser hijacks that lock users out of their systems.

In this article, we will explore the most common forms of social engineering and manipulation.

At the end, I’ll reveal the most common online search that people have fallen victim to in the past months. The result may surprise you. We’ll also delve into the psychological biases that criminals exploit to their advantage.

Additionally, I have attempted to structure this article with some repetition on key points to help readers remember; giving them the ability to recognize the issues discussed when they come across them. If this article helps just one person; mission accomplished.

Types of Social Engineering Attacks

Social engineering comes in many forms, each designed to trick individuals into making poor decisions that compromise their security. At my business, I regularly encounter clients falling prey through these primary attack vectors:

Phishing Emails: These are fraudulent messages designed to appear as though they come from trusted entities like banks or government agencies. With advances in artificial intelligence, these emails are becoming more convincing and professional. Instead of the crude, misspelled messages of the past, today’s phishing emails may use company logos, personalized greetings, and legitimate sounding language. The goal is to steal sensitive information, like usernames, passwords, and financial data.

Browser Hijacks: Recently, a significant number of my clients have fallen victim to browser hijacks while performing what would typically be harmless activities, such as searching for tablecloths, In these cases, the victim unknowingly clicks on a malicious link, triggering a pop-up that locks their screen. The message often claims to be from Microsoft or a well known antivirus company, insisting that their computer has been compromised. The victim is urged to call a fake support number or click a link, leading them deeper into the scam.

Phone Calls: Phone-based social engineering, or “vishing,” is another common attack. The victim receives a call from someone pretending to be a representative from a trusted organization, such as a bank or tech support. The scammer creates the belief of an urgent problem, such as a compromised account or system error, leading the victim to provide sensitive information or follow specific instructions that ultimately benefit the scammer.

Medicine Hat’s Dan Dueck has nearly 30 years of experience in information technology. With his IT experience and increased certifications, Dueck has a strong passion for cyber security. His column will appear the first Thursday of the month.

13
-12