Hacking kindness: Cybercriminals exploiting our best intentions

KnowBe4

Cybercriminals are not only using fear and urgency to exploit their victims. Positive emotions – such as empathy, curiosity, and a desire to help – are also being exploited, warns Anna Collard, SVP of Content Strategy and CISO Advisor at KnowBe4 Africa (http://www.KnowBe4.com/).

“Emotional manipulation is a common tactic in social engineering (https://apo-opa.co/3LF51hS),” says Collard. “We have all heard about their fear-based tactics or scams using a sense of urgency, but scammers also focus on positive feelings, like compassion and love, to try to take advantage of their victims.”

For example, “they create fake fundraisers or charities involving children, the elderly, or natural disasters to trigger immediate compassionate responses,” she comments. “These scams are then backed up by fake testimonials to encourage participation, as well as deepfake videos or AI-generated content showing the supposed impact of their charitable work.” 

Emotional content – both negative and positive – is effective in manipulation.       

“Fear-based scams remain highly effective – urgency and panic consistently work because they trigger fight-or-flight responses, create time pressure or exploit our fear of losing something. However, positive emotions also lower our defences,” Collard asserts. “When people feel good about helping others, they’re less likely to question whether something is a scam. Research shows that the ‘warm glow’ effect from helping others can temporarily lower our critical thinking because we rely more on mental shortcuts rather than analysis.”

Moreover, kindness activates reward centres in the brain, creating a positive feedback loop that criminals can exploit. “These tactics create a sense of connection and purpose,” Collard explains. This makes victims more susceptible to manipulation, especially when they are already emotionally invested. The sunk-cost fallacy can also come into play, where a victim who has already donated a small amount or helped out a ‘romantic’ partner feels compelled to give more.

Examples of trust-based scams 

Common examples of these scams include fake charity drives that mimic legitimate organisations like UNICEF (https://apo-opa.co/4nC51g3) or CANSA (https://apo-opa.co/4on21W4). These tactics are particularly effective in communities where a sense of collective responsibility, like the South African concept of ubuntu, is strong. “Criminals co-opt cultural values by framing their scams as community-building initiatives,” she warns.  

Collard adds that highly organised romance fraud (https://apo-opa.co/4nwxGTx) and ‘pig butchering (https://apo-opa.co/4qziaZT)’ scams, where criminals build long-term relationships before defrauding their victims, are other prominent examples. “These scams often use sophisticated psychological tactics to build trust and exploit loneliness over many months,” she adds. They are much more sophisticated, not asking for money directly.  

What can individuals do? 

Collard advises individuals to be cautious but not cynical. “It’s important to take a moment to verify before you donate,” she says. She recommends using independent online resources to verify charitable organisations and causes. 

In addition, she recommends creating a 24- to 48-hour pause rule for any financial decisions involving emotional appeals. “Especially when it involves charity, helping someone or potential investment opportunities. These transactions need to be made with a clear, level-headed mind and not emotionally. It’s also a good idea to discuss potential donations or investments with trusted friends or family members,” she says. “Use secure, traceable payment methods rather than cash transfers, cryptocurrency or prepaid cards.”

What can organisations do? 

For organisations that run security awareness training (https://apo-opa.co/3WD2My1), it’s important to help employees recognise emotional manipulation techniques, not just technical threats, as a key component of human risk management. Collard suggests including scenarios involving charity scams, fake volunteer opportunities, and community investment fraud. “The training should emphasise that verification is caring, not cynicism.” 

She also favours developing training materials that acknowledge and respect cultural values while promoting security, thereby reducing the inherent human risk that exists in every organisation by making security relevant and relatable. “Use local examples and cultural context in phishing simulations,” she says. 

In terms of policy improvements, Collard also recommends implementing approval processes for charitable giving or community investments. “Create clear guidelines and verification procedures for employees engaging with external community organisations,” she comments. 

Understanding victim psychology 

It’s crucial to approach victims of romance scams and pig-butchering schemes with empathy rather than judgment, as these scams create genuine emotional dependency through sophisticated psychological manipulation. “Victims often form real emotional bonds with their abusers,” Collard explains, “so asking someone to ‘just stop talking to them’ is like asking someone to end a relationship they believe is loving and supportive. They need time, patience, and often professional support to rebuild their ability to trust their own judgment.” 

Finally, she believes it’s important not to grow cynical. “Cybersecurity awareness is about defending your ability to genuinely help others,” Collard concludes. “Being security-conscious protects both you and legitimate causes and enables more effective, sustainable giving.” 

Distributed by APO Group on behalf of KnowBe4.

Contact details: 
KnowBe4
Anne Dolinschek
anned@knowbe4.com 

Red Ribbon
TJ Coenraad
tayla@redribboncommunications.co.za
