Social technology, ranging from social media platforms to workplace collaboration software such as Slack, Microsoft Teams, and Zoom, is at the forefront of our professional and social lives. Today, there are approximately 5.66 billion social media users worldwide, with 259 million new users signing up for social platforms per second. With research showing that the typical Internet user spends over one full waking day a week using social media, it is only logical that social technology should be a target of cybersecurity attacks. Attackers exploit four psychological factors—urgency, authority, social proof, and trust—to achieve their goals. They do so because the human mind, rather than software vulnerabilities, often opens the gateway to the sensitive data they seek. As such, developers, employers, and everyday users of social technology must take a psychology-first approach to security.
The Vital Four
Urgency is the first factor. Attackers exploit it with messages such as “Your account will close unless you take action within 2 hours.” Faced with such pressure, the mind typically jumps to impulsive, non-reasoning thinking (known as system one thinking) instead of verifying sources or taking the time to consult IT professionals or knowledgeable advisors (which can be classified as reasoned, or system two thinking). The second factor is authority. Attackers may impersonate a friend, IT team member, or manager to obtain sensitive information from a user. The third is social proof. Social app users may be shown fake likes or reviews that lead them to engage in conforming behaviors. Finally, there is trust. Scammers may use familiar branding, deepfakes, or personalized information to encourage users to share private information.
The New Role Played by AI in Psychological Attacks
AI-based technologies, such as deepfake voices and videos, have further eroded psychological safety, making it difficult for traditional security to keep users safe. Traditional approaches assume users will behave rationally, yet they often do not, especially when decision fatigue combines with urgency. Attention is a prime commodity in an age in which most users are almost constantly connected. As such, asking users to remember complex passwords or engage in lengthy protocols only adds to their cognitive burden.
The Nature of Psychology-First Security
Psychology-first security takes a different approach by designing for human cognition. As noted by consumer app founder Zibo Gao, when it comes to social apps, it is vital to analyze and align features with human behavior before writing code. That means making security behaviors easy and attractive by gently nudging users in the right direction. For instance, apps can automatically suggest setting stronger passwords, send occasional reminders to enable two-factor authentication, or let users know what steps friends and colleagues are taking (such as using password managers). It is equally valuable to raise users’ awareness of emotional manipulation, so they can quickly identify tactics such as the use of urgency to elicit impulsive reactions. Users should also be encouraged to interact with trusted contacts, building on authentic bonds that may already exist in real life.
Apps that Take a Psychology-First Approach
Apps that put human psychology at the forefront include Sincerely, an anonymous-sharing platform that invites users to write letters about their secrets and receive understanding and support from other users. The app successfully protects anonymity by not using names or profiles. Another such app is Soundmap, a music-centered game in which users walk around collecting songs from real-world locations. It’s a bit like Pokémon Go but for music lovers. It uses gamification, curiosity, and exploration—all powerful psychological drivers—to make music discovery addictive. Both apps tap into the fact that people are motivated by safety, connection, play, and belonging; their main features are aligned with those drives. That same psychology-first mindset is exactly what’s needed to stop social engineering attacks.
Designing security around how humans actually think and feel—making safe choices easy, predictable, and socially reinforced—empowers users against urgent threats, impersonated authority, fake social proof, and manipulated trust. It also allows them to enjoy apps on a whole new level. Placing human psychology at the forefront of app development, after all, isn’t exclusively concerned with safety and security. It harnesses the power of connection, fun, and interactivity. It additionally enables users to build human connections or strengthen the ones they already have.

