It sounds like a Star Wars movie moment, but when “malicious cyber actors deployed Darkside ransomware,” it was anything but a movie script (CISA, 2021). Ransomware created by hackers was used to curtail oil flow through the 5,500 miles of pipeline that supply the eastern United States, resulting in long gas station lines of panicked drivers. Known for their phishing tactics to gain access to personal data, the “Darkside gang” hackers logged into a Colonial Pipeline employee account and took control of the company. For almost a week, the oil distribution network was compromised until Colonial paid a $4.4 million ransom.
This sort of attack, albeit on a smaller scale, is also directed at individuals every day, with the number of cybercrimes reported to the FBI on the rise, quadrupling from 2005 to 2023. But why, in an age of digital literacy, do so many people still fall prey to them? Research shows that we’re hardwired to be vulnerable. The cognitive underpinnings and emotional triggers that evolved for our survival can be co-opted into trapping us in these ruses.
Tim McGuinness, the director of the Society of Citizens Against Relationship Scams, posits that “the rise of online scams and fraud presents a novel challenge to modern human populations, exploiting psychological vulnerabilities rather than physical traits.”
Experiments show that hidden processes in our brains initiate actions before we make conscious decisions. By the time we’re aware of deciding whether to click on a pernicious email, our brains may have already made the decision. When study participants are monitored with scalp electrodes while taking an action, such as tapping a button when they see something on a screen, EEG activity starts as early as 1.5 seconds before self-initiated movements, in what’s been called the “readiness potential” (Schmidt et al., 2016).
Scientists debate the implications of this readiness potential for exercising free will, whether to escape a pouncing tiger or open a tantalizing email. Regardless, we have a suite of traits that render us vulnerable to scams. A 2024 study (Zhao and Zhou, 2024) found that our emotions as we make decisions have a statistically significant effect on risk-taking. Study participants experiencing positive emotions chose higher-risk, higher-reward options in a gambling scenario. Phishing scams that elicit positive emotions may, likewise, increase click rates on risky emails.
Our vulnerability to internet scams also stems from cognitive overload. Think about walking into a megastore to find one item you need on rows and rows of crowded shelves. In overtaxed brains, our decision-making functions worsen, resulting in spontaneous bad purchases. A 2025 study of information overload noted that “digital interactions force consumers to make rapid decisions during information overload situations because traditional decision-making time is unavailable.”
A 2021 study showed that when people visiting a simulated e-commerce platform were faced with high volumes of product information, they invested fewer attentional resources in making a decision. And, later, the participants who had faced information overload were more likely to regret their decisions. In a fatigued state, we may rush to click on a phishing email, bypassing a rational assessment of risk.
So, in terms of our cognitive underpinnings, we’re set up for failure when internet scams come our way. Moreover, according to a 2022 questionnaire, people are “worried and often dissatisfied with the current technologies available to protect them against phishing emails.” Organizations working to reduce phishing and other scams look to break the ties that allow cyber-criminals to reach people’s computers.
The data privacy company Incogni roots out and removes personally identifiable information from the internet. Such information—Social Security numbers, bank IDs, passwords—is the raw material for targeted scams. On its website, Incogni explains that they “decided to build a tool that would curb the unfair data collection practices of data brokers and empower people to leverage existing privacy laws.”
The more personalized the cyber attack, the higher a victim’s vulnerability. A 2023 experiment on spear-phishing (individually targeted scam emails) compared participant vulnerability under conditions of high and low personalization. Participants were three times as likely to fall prey to emails that were highly customized to their personal information.
In a two-fold strategy to cleanse the internet of people’s stored personal information while also blocking the barrage of marketing materials, Incogni works with data brokers to suppress customers’ names from marketing lists. As unwanted emails and other spam abate, cognitive overload should ease, leaving people better positioned to make sound choices about what to click on.
Research also shows that we can learn to behave in a more resilient manner when confronted with scams. A 2024 literature review of 53 published studies on phishing education, training, and awareness found that when people are aware of anti-phishing efforts in place, they’re more likely to be vigilant themselves. So, reading this article may have given you a leg up in watching for suspicious digital communications and deleting them before you act on any temptation to click.
This post was originally published on June 24, 2025.