As technology continues to advance, so does the ways in which cybercriminals target their victims. Phishing attacks and deepfake technology are both becoming more realistic and sophisticated. Yet the human brain struggles to keep pace with these technological advancements. So why is this the case? 

The simple answer is evolution. The human brain is hardwired for survival, and because of this we have developed two systems for decision making. System 1 is impulsive and near automatic. We use this system to solve simple problems, such as identifying people we know. System 2 requires more focus. Itis used for problems that need us to use logic and reasoning. We would use this system when parking a car in a tight spot for example. 

Cybercriminals want to keep their target’s mind working in system 1 decision making. They can then abuse several principles that are processed by system 1. One of these principles is authority. Used correctly, it is nearly always respected. The series of shock experiments by psychologist Stanley Milgram are an example of how obedient people can be to authority.  

Studies show that most people are overconfident in their ability to spot a deepfake. Anyone can fall for a well done deepfake or phishing attack. There are regular reports of victims of phishing attacks, including this month when an employee of an unnamed company in Hong Kong paid $25 million to scammers after attending a meeting with deepfakes of his coworkers. 

Our minds are hardwired for survival, and these attacks use that fact to abuse flaws in the design of the brain.