Spotting Social Pressure in Digital Scams

Last updated: February 2, 2026
Spotting Social Pressure in Digital Scams

Cyber criminals don’t always rely on technical expertise to break into systems. More often, they rely on us—the people behind the screens. By creating urgency, building false trust, or pretending to be someone familiar, attackers use social pressure to influence our decisions and gain access to information or systems.

For faculty and staff at UBC, understanding these tactics is essential. The university is a target not only because of its size, but also because of its research, academic activity, and the valuable data we work with every day. Staying aware helps safeguard personal information, university resources, and the communities we support.

 

How Social Engineering Works

How Social Engineering Works

Social engineering refers to the use of social tactics to convince someone to reveal confidential information or grant access to systems. Instead of breaking through technical defences, attackers manipulate people’s trust, attention, or emotional responses.

These attacks often arrive disguised within everyday communications. Because we all receive a steady stream of messages, threat actors know they can catch us at busy moments, hoping we’ll respond quickly—especially when something feels urgent.

Tactic 1: Impersonation

One of the most effective ways attackers persuade people is by pretending to be someone they’re not. Criminals may pose as new employees, service providers, or researchers and may provide fabricated credentials to appear legitimate.

More sophisticated scenarios—like Business Email Compromise (BEC)—involve messages that appear to come from a trusted colleague, supervisor, or executive. An attacker may ask a staff member to complete a task quickly, such as making an unexpected purchase or sharing information.

Attackers may also pretend to be IT or helpdesk staff, attempting to convince someone to disclose login information or to install software granting remote access.

Before these messages are sent, attackers often spend time combing publicly available sources—including university websites or news—so they can tailor messages to a specific individual or role. This careful preparation helps their requests feel more believable.

Tactic 2: Creating Urgency and Emotional Pressure

Social engineering works best when it feels like there’s no time to think. Criminals manufacture urgency so that recipients react quickly without pausing to assess the situation.

These messages often involve unusual or unexpected requests. One common example in BEC scams includes an urgent request to buy gift cards, sometimes framed as a reward for team members. The explanation usually suggests that the sender is unable to make the purchase themselves.

Attackers also take advantage of high-stress situations—such as public health crises, economic uncertainty, or holidays—when people may be more distracted. Messages sent during these times are designed to feel timely and important, making it more likely that the recipient will respond without verifying the request.

Tactic 3: Going Beyond Email

Phishing isn’t limited to email inboxes. These scams can appear through text messages (smishing) or voice calls (vishing), further blurring the line between legitimate and harmful communication.

In vishing, attackers use phone calls to gain trust. Because many people naturally assume that a voice on the phone is genuine, criminals take advantage of this medium. Some even use phone technology to spoof phone numbers so that the call appears to come from a trusted source.

Attackers posing as helpdesk staff may request login details over the phone or through SMS, attempting to gain access to systems or personal accounts.

Tactic 4: MFA Fatigue

Multi-Factor Authentication (MFA) offers an important layer of protection by requiring a second approval step when logging in. However, attackers have learned to exploit this system by sending repeated authentication prompts—a technique known as ‘MFA fatigue’ or ‘push bombing’.

The goal is to wear down the targeted person. After receiving many notifications, an employee may press “Accept” simply to stop the constant interruptions, accidentally giving the attacker access.

This technique highlights how social pressure doesn’t always look like urgency or authority—it can also be persistent annoyance.

Practical Ways to Protect Yourself and the UBC Community

Practical Ways to Protect Yourself and the UBC Community

Staying informed is one of the most effective ways to protect both your personal information and the institutional data you work with.

Here are key practices to help you recognize and respond to social pressure tactics:

Pause and Verify

1) Pause and Verify

If a message seems unusual, unexpected, or urgent—even if it appears to come from someone you know—take a moment to verify.
Do not respond directly or use the contact details provided in the message. Instead, use a trusted method you already have, such as a known phone number or email address, to confirm the request.

Protect Personal and Institutional Information

2) Protect Personal and Institutional Information

Treat unsolicited requests for personal, internal, or confidential information with caution. Only share details when you are confident in the identity and authority of the person requesting them.

Use Multi-Factor Authentication

3) Use Multi-Factor Authentication

Phishing-resistant MFA is one of the strongest defences against credential theft, especially if attackers gain a password. If you receive MFA prompts unexpectedly, do not approve them—this may be a sign that someone is attempting to access your account.

We’re Strongest When We Stay Aware

Social engineering is powerful because it targets human instincts—trust, helpfulness, and urgency. By staying informed and taking a moment to question unusual requests, we help protect our community and the important work happening across the university.

Each thoughtful decision helps safeguard personal information, research, and academic activity. Together, we share the responsibility of keeping UBC safe.

Go Further...

  • Article

Privacy Matters @ UBC

Safety & Risk Services | 2389 Health Sciences Mall
University Counsel | 6328 Memorial Road,
UBC Cybersecurity | 6356 Agricultural Road
E-mail privacy.matters@ubc.ca

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning