Cyber Security

The psychological tactics behind phishing emails

Most phishing emails do not look obviously fake anymore.

That is the problem.

They work because they trigger emotion before suspicion. The attacker is not just trying to fool your eyes.

They are trying to rush your judgement.

The tactics
How phishing emails catch people out
Urgency
"Need this done now." "Please action before close of play." "Review immediately."
When people feel rushed, they stop checking. Urgency is the most common trigger in phishing attacks.
Authority
Partner or director, HMRC, Microsoft, key supplier
The email looks like it came from someone senior or official. People are less likely to question authority.
Familiarity
Real names, job titles, supplier names, client matters
Including real details makes the message feel safe and expected - even when it isn't.
Fear
Password expiry, missed payment, locked account, compliance issue
Fear makes people act fast - often before they think clearly about what they're doing.
Helpfulness
"Can you sort this for me?" "Are you free for something urgent?"
Helpful people are easier to manipulate. The instinct to assist is used against them.
Secrecy
"Keep this between us." "I'm in a meeting." "Can't talk right now."
Secrecy is a major red flag. Legitimate requests rarely need to be kept quiet.
Red flag - always verify by phone

Why AI makes this worse

AI helps attackers write better emails - cleaner wording, better grammar, more believable tone.

It removes the obvious red flags people used to spot.

So now the danger is not just a suspicious-looking email. It is a convincing email that creates pressure.

How staff should be trained

1. Do not just tell people to hover over links - train them to spot pressure
2. Train them to pause when a message feels urgent, unusual, or private
3. Train them that it is always fine to verify by phone before acting
4. Make phishing awareness a regular conversation, not a once-a-year exercise

The most important question to ask
Is this phishing?
Is this email trying to make me act too quickly?
If the answer is yes - stop and check. Every time.
Final thought

Phishing works because it manipulates people. AI just makes that manipulation look more believable. The defence is not better technology - it is better awareness.
