The Psychology of Cybersecurity: How Hackers Use Human Bias

Most of us have encountered a variation of the classic 'Nigerian prince scam': a thinly veiled email alerting the recipient that large sums of money have been discovered and that your bank details are needed to 'release' these riches. Poor language abounds, and the yarn is overspun.

However, many online scams are much more difficult to identify. Spear-phishing emails, which are targeted attacks on individuals using convincing personal information, are becoming increasingly widespread.

What is actually to blame? For the most part, it is simply a matter of how our minds are wired.

The Lie of Neutrality

One of the characteristics we promote in society is the ability to be 'objective' - fair, logical, and reasonable. We want to believe that we are skillfully analyzing events and basing our actions on sound conclusions: in the stock market, the courtroom, the hospital, the voting booth, on the road, and online.

The truth of the matter is very different. In 2002, psychologist Daniel Kahneman was awarded the Nobel Prize in Economics for his research into how frequently humans are illogical. Our irrationality is just as prevalent when we interact with technology. We open attachments that we should not. We click on hazardous links unthinkingly and automatically. Some of us may even have followed the financial requests in phishing (scam) emails.

What is the cause of this irrationality? Biases. There are hundreds of them.

Hacking the mind

One of the most harmful biases, especially when it comes to our online behaviour, is that we are typically unduly optimistic when assessing our skill at intellectual tasks, a tendency known as 'illusory superiority'. In one well-known study at Stanford University, researchers asked MBA students how they rated themselves in relation to others. 87 percent considered themselves to be better than the median. In another survey, 93 percent said their driving skills were above the population's median.

In the field of cyberpsychology, everyone believes they are the equivalent of a cyber genius. In a study done at Friedrich-Alexander University in Germany, 78 percent of participants claimed in a questionnaire that they were aware of the dangers of clicking on unknown links, yet when sent a simulated phishing email, 45 percent clicked the harmful link regardless.

In fact, studies demonstrate that the poorer we are at a task, the more confident we become; our lack of skill deprives us of the very abilities required to detect it. Often, those with the worst cyber security behaviour in a business will not bother with their company's cyber security training, assuming they already know everything or that their time is too valuable to spend on it. Individuals also tend to assume that because they have never directly encountered a calamity, they never will: this is known as 'normalcy bias'. In cyber security terms, this usually produces situations in which people fail to plan appropriately for, or even consider, the prospect of becoming the victim of a data breach.

These kinds of mental processes frequently spread like wildfire in workplaces. The psychological phenomenon known as 'information cascade' (a person observes the behaviour of others and engages in the same acts) means that new employees who join a workplace with good cyber security policies may wind up copying the poor habits of senior peers. In these situations, if one individual leaves a sticky note with their passwords on it, you can nearly guarantee that others who notice it will follow suit.

Hacking the heart

The emotional brain is stronger and quicker than the logical brain. Imagine you’re in a heated discussion with your boss over the behaviour of a colleague, or perhaps you’re overloaded with work alongside family commitments - the classic work/life balance problem. Any of these situations can cause the emotional brain to take control of your frontal cortex (the ‘thinking brain’), something psychologists call an ‘amygdala hijack’, and so reduce your capacity for rational decision-making. This flaw in the way our brains are wired - emotional bias, or ‘affect bias’ - is keenly exploited by scammers.

Attraction (people are more likely to comply with someone they like), trust (people comply when a request comes from a figure of authority), the need for acceptance (people comply if and when others are doing the same thing), excitement, curiosity and fear are all effective tools for gaining compliance and encouraging victims to disclose information or click on malicious links.

When it comes to getting individuals to part with their money, one of the most commonly used methods of exploiting the strength of the emotional brain is the scarcity principle. You’ve no doubt observed this in action at a local shop, where signs exclaim “Hurry! Sale ends Friday”. Things that are difficult to attain are typically seen as more valuable. The same principle is prevalent in fraud: phone fraudsters, for example, try to convince victims that their computers are malfunctioning and urgently in need of repair.

Double check

Of course, it’s impossible to simply become unbiased and unemotional. But in high-pressure work environments, where the brain is looking for a quick fix in order to get on to the next task, we need to pay attention to what our brains are really up to. Double check everything.

Is this situation plausible? Is this person who she says she is? Is this link going to redirect me where I think it is? For the most part, the answers to those questions will be yes.

But those extra few seconds could be the difference between staying safe online and losing a great deal of money and reputation.

When the answer is no, you’ll be thankful you double checked.