
The neuroscience of phishing attacks

Written by a NortonLifeLock employee

November 22, 2021

All kinds of fun facts bounce around the internet. You might have seen the one about contextual reading: It deson’t mttaer in waht oredr the ltteers in a wrod aepapr, you can sitll raed it wouthit pobelrm. See how this neuro-scientific peculiarity helps phishing criminals earn lots of money and what simple things you can do to protect yourself.

Why are URLs so important?

Uniform Resource Locators – or URLs – are rather important if you want to get anywhere on the internet nowadays. In ancient times (fifteen or twenty years ago that is) data was shared through floppy disks, which were still in heavy use back then. If you don’t know what floppy disks are: they are basically legacy industrial equipment that looks like the ‘Save’ button in your everyday apps.

Times have changed and so has the industry. In today’s world, files are distributed over the internet. But did you know: the net actually consists of many subsystems like email, file sharing and the World Wide Web. Also known as the www, the latter represents what you usually do in your browser: click on links, enter URLs in the browser bar, search the web; those are all examples of how you use URLs to access the web.

What is a domain?

Domains exist because they are easier to remember than IP addresses (which domains point to). They operate pretty much like the address book on your smartphone. If you do not remember the phone number of a person to call, you look them up in your address book via their name – which you hopefully do remember. This establishes the connection between person and callable number. So, when you enter in your browser, it will look up and redirect you to the proper IP address of the web server that hosts the site. If you enter, you will not be redirected to the site you intended to visit but rather will receive a browser warning, stating that the website does not exist – just like the well-known “The person you’ve called is temporarily not available” message you hear on the phone when you dial the wrong number.

Some typos are intentional

“Where does the neuroscience bit come into play?”, you might ask. Well, here we go: Cybercriminals are able to register the domain from the above example and host ads. Once you accidentally enter the wrong URL, you will be redirected to this so-called typosquatted domain and thus will also see the ads. This in turn generates money for the advertiser. The important thing to remember is that this is possible not simply due to careless surfing – it works because the human brain operates with contextual sections.

Some just want to make a few quid by registering a misspelt domain in order to sell it back to the brand owner. One could register and sell it to, as this is most likely a commonly misspelt URL.
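The two sections above describe the mechanics in prose: a domain is looked up and either resolves to an IP address or produces a "does not exist" answer, and a typosquatter registers the spellings people are likely to type by mistake. The script below is an added example (not code from the article or from NortonLifeLock) that turns this into a defensive brand-monitoring check: it generates the common typing errors for a domain (dropped letter, swapped letters as in the scrambled-word fun fact, doubled letter, neighbouring key) and reports which of those spellings already resolve. The QWERTY neighbour table, the `example.com` domain and the `203.0.113.x` addresses are constructed for the demo; the resolver is injectable so the run below needs no network.

```python
import socket
from typing import Callable, Dict, Optional, Set

# Keys that sit next to each other on a QWERTY keyboard (constructed table
# covering letters only; digits and punctuation are ignored here).
QWERTY_NEIGHBOURS: Dict[str, str] = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp", "p": "ol",
    "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy", "u": "yhji",
    "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}


def typo_variants(domain: str) -> Set[str]:
    """Return plausible typosquats of a domain such as 'example.com'.

    Only the first label (the brand name) is mutated; everything after the
    first dot is kept. Four common typing errors are modelled: a dropped
    letter, two swapped letters (the scrambled-word effect), a doubled
    letter, and a slip to a neighbouring key.
    """
    label, _, suffix = domain.lower().partition(".")
    variants: Set[str] = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])             # omission
        variants.add(label[:i] + ch + label[i:])            # repetition
        if i + 1 < len(label):                              # transposition
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for near in QWERTY_NEIGHBOURS.get(ch, ""):          # adjacent key
            variants.add(label[:i] + near + label[i + 1:])
    variants.discard(label)   # swapping two identical letters is a no-op
    variants.discard("")      # dropping the only letter leaves nothing
    tail = "." + suffix if suffix else ""
    return {v + tail for v in variants}


def default_resolver(host: str) -> Optional[str]:
    """Look a name up in DNS; None means the name does not exist (NXDOMAIN).

    This is the 'number you dialled does not exist' case from the text.
    """
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def find_registered_typosquats(
    domain: str, resolver: Callable[[str], Optional[str]] = default_resolver
) -> Dict[str, str]:
    """Map every typo variant that actually resolves to the IP it points at.

    A variant that resolves has been registered by someone, which is the
    signal a brand owner wants to monitor. `resolver` is injectable so the
    check can run offline against a constructed table.
    """
    found: Dict[str, str] = {}
    for variant in sorted(typo_variants(domain)):
        ip = resolver(variant)
        if ip is not None:
            found[variant] = ip
    return found


if __name__ == "__main__":
    # Constructed lookup table standing in for DNS; 203.0.113.0/24 is the
    # documentation range, so these addresses belong to no real host.
    fake_dns = {"exmaple.com": "203.0.113.5", "exampel.com": "203.0.113.6"}
    for name, ip in find_registered_typosquats("example.com", fake_dns.get).items():
        print(f"{name} -> {ip}")
```

Run against the real resolver by dropping the second argument; each resolving variant is a domain someone else controls and a candidate for the kind of ad or PUA redirection the article describes. Note that a resolving name is not proof of bad intent (brand owners often register their own typos defensively), so the output is a watch list, not a verdict.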

From malware to phishing

Other unfair practices include redirection to potentially unwanted applications (abbreviated PUA). Your browser will typically show a warning about the state of your computer – telling you it might be infected, that your drivers are out of date or that you have won a million pounds. When downloading and installing such software you are most likely either

a) installing unwanted applications that won’t do a lot to help you, but will find even more ‘dangers’ on your PC that you supposedly need to fix with even more software – which will, at some point, ask you to pay

b) installing malware

What can you do about it?

Check your links: When you use the web, make sure you are on the correct page before entering your credentials, especially payment information. You should also always make sure that your antivirus is up-to-date and running. Antivirus and similar products are generally expected to provide somewhere between basic and enhanced detection of malicious software on your PC. Nowadays, they also include effective web protection like cloud-based scanning of URLs, which often helps in cases like these. However, you should never rely solely on software to protect you. It helps a lot to know about the risks. You just might look twice next time!
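"Make sure you are on the correct page" is easier said than done when the brain reads past a swapped letter. The following is an added example (not code from the article or from NortonLifeLock) of the check a browser extension or mail gateway would make before a user types credentials: it parses the link, works out which domain was actually registered, and flags near-miss spellings, a brand name buried inside someone else's domain, the credentials-in-URL trick and non-ASCII lookalike names. The `TRUSTED_DOMAINS` allowlist and the sample links are constructed; the `registrable_domain` helper assumes the last two labels are the registered name, which is a simplification (real code consults the Public Suffix List).

```python
from typing import Iterable, Tuple
from urllib.parse import urlsplit

# Constructed allowlist of domains the user actually wants to log in to.
TRUSTED_DOMAINS = ("example.com", "example-bank.com")


def levenshtein(a: str, b: str) -> int:
    """Edit distance: how many single-character changes turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """The part of the hostname someone had to register.

    Assumption: the last two labels. Production code should consult the
    Public Suffix List so that names like 'example.co.uk' come out right.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str, trusted: Iterable[str] = TRUSTED_DOMAINS) -> Tuple[str, str]:
    """Return (verdict, registrable_domain) for a link before credentials are typed.

    verdicts: 'trusted'   - registered domain is on the allowlist
              'lookalike' - near-miss spelling, brand name inside another
                            domain, credentials-in-URL trick, or a non-ASCII name
              'unknown'   - not suspicious, but not on the allowlist either
              'invalid'   - no hostname could be parsed
    """
    trusted = tuple(trusted)
    parts = urlsplit(url)
    host = parts.hostname
    if not host:
        return ("invalid", "")
    try:
        host = host.encode("idna").decode("ascii")   # normalise international names
    except UnicodeError:
        return ("invalid", "")
    reg = registrable_domain(host)
    # 'https://www.example.com@evil-host.test/' shows a trusted name before
    # the '@', but the browser connects to whatever comes after it.
    if parts.username is not None:
        return ("lookalike", reg)
    # Punycode labels mean non-ASCII letters, some of which mimic Latin ones.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("lookalike", reg)
    if reg in trusted:
        return ("trusted", reg)
    for good in sorted(trusted):
        brand = good.split(".")[0]
        # Distance <= 2 catches one swap or two slips; tune for short brands,
        # where the threshold can be too generous.
        if levenshtein(reg, good) <= 2 or brand in host:
            return ("lookalike", reg)
    return ("unknown", reg)


if __name__ == "__main__":
    # Constructed sample links covering each verdict.
    for link in (
        "https://www.example.com/login",
        "https://exmaple.com/login",
        "https://example.com.evil-host.test/login",
        "https://www.example.com@evil-host.test/",
        "https://unrelated-host.test/",
    ):
        print(f"{classify_link(link)[0]:9}  {link}")
```

Only the "trusted" verdict should let a password or card number through; "unknown" is a prompt for the user to look twice, and "lookalike" is the case the article describes, a spelling the eye forgives but the DNS does not.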

Stay one step ahead of phishing attacks

Cybersecurity experts often say that hackers don’t break in - they log in. That’s a testament to how successful phishing scams can be.

Phishing has been a constant cyberthreat since the early days of the internet and it’s likely to remain one for as long as people are falling for these scams. With people spending more of their waking hours on the internet and availing of more online services, we’re arguably more at risk than ever before.

The shift to remote working during the pandemic has also left us more exposed to cybercriminals’ attacks, who will try to exploit this opportunity for their own gain. It can be easier to fall for a fake email that claims to be from a work colleague when that colleague isn’t sitting directly across from you.

However, we’re also more educated about the cyberthreats that are out there and knowing what to look out for is your best defence against phishing. These cybercriminals rely on the element of surprise or on our emotions getting the best of us so it’s all about knowing how they work.

You now know the common types of phishing attacks, how to identify them and how to stay protected against them so you’re already better prepared for anything the internet can throw at you. Once you know how a con artist’s trick works, it’s easy to identify how they’re trying to manipulate you. That’s half the battle when someone is targeting you with a social engineering attack.

Luckily, technology is catching up with some of these tricks and malicious tactics. Having strong antivirus protection can also give you peace of mind against phishing attacks that try to get you to download malware. Think of it as an online safety net should one of these cyberattacks manage to slip through the cracks.

Browsers like Chrome and Firefox are also launching features that are designed to identify phishing attacks in real time, as part of ongoing efforts to protect users. These security features can support your own efforts to stay alert.

New types of phishing scams or strategies will always emerge but most of us are now smarter about our online security than we used to be. And many of these scams are simply more evolved versions of existing scams so you’ll soon be able to connect the dots if you’re alert to the common tricks that phishing attacks use.

So next time you get an email urging you to take immediate action or receive a strange message that sets off alarm bells, you’ll know what to do. A good rule of thumb is to use your common sense, think before you act, and to avoid taking immediate action if something looks suspicious.

Social engineering attacks like phishing are easily spotted when you know what you’re looking for, but it always pays to have a backup plan. If you do slip up, having a trusted solution like Norton 360 will help keep your devices protected against malware, spyware or other nasty cyberthreats.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
