Cybersecurity is fun! Keep learning!

What is Cognitive Security?

According to COGSEC.org, Cognitive Security refers to the practices, methodologies, and efforts made to defend against social engineering attempts: both intentional and unintentional manipulation of, and disruption to, cognition and sense-making.

Humans are often the most vulnerable targets in cyberattacks. We can be manipulated or tricked into providing information to threat actors unintentionally. The form of manipulation varies from person to person and moment to moment. If an attacker catches you off guard or disarms you with a targeted tactic, they don't need robust technology to access your bank account. You may end up telling them everything they need to know.

Cognitive Security aims to prevent these issues by interweaving cybersecurity (often involving machine learning and AI) with research and development. By studying the methods and tactics that yield results for social engineers, we can find ways to detect and deter these attacks.

What is Social Engineering and Why is EVERYONE Vulnerable?

Social engineering is an information-gathering tactic that uses email, text, phone calls, video chat, or even in-person interaction. It relies heavily on manipulating human emotion and psychology. While the elderly and children are often more vulnerable, it's important to stress:

ANYONE CAN FALL VICTIM TO SOCIAL ENGINEERING

Social engineering has certain "tells," but when humans are placed in specific situations, we often miss them.

  • Urgency: A common tactic that triggers fear and anxiety, sending us into fight-or-flight mode. Under pressure, we make instinctive decisions rather than pausing to question what's happening.
  • Romance scams: These usually play the long game, gaining trust before manipulating someone for financial gain. This is not the same as catfishing, which often focuses on emotional manipulation (validation, attention, or revenge) and may or may not involve money.
    Romance Scam = financial gain (fraud through catfishing techniques).
    Catfishing = emotional manipulation (not always about money).
  • Roblox scams: Children and teens are frequent targets. Tactics like scarcity trigger Fear of Missing Out (FOMO), pushing kids into poor decisions. Many children are not taught how to recognize manipulation tactics, which makes them highly vulnerable. Protecting kids from this type of manipulation is one of the main reasons I began studying Cognitive Security—not only so my children can protect themselves, but so they can help teach their friends as well.
  • Adults: Everyone in between the most vulnerable groups is still at risk. In today's society, "Keeping up with the Joneses" drives susceptibility to get-rich-quick schemes, "too good to be true" job postings, and fake overdue bills. Even the most observant among us can fall victim if the call, text, or email arrives at the wrong moment.

Have You Fallen for a Scam?

Not all scams are obvious. Some are hidden in "legal" contracts and terms. For example, while not technically a scam, Planet Fitness has a predatory cancellation policy that uses social-engineering-like tactics. Much like apps with hard-to-cancel trial periods, they leverage low pricing to lure people in. The in-person cancellation requirement creates friction and inconvenience, keeping memberships active far longer than intended.

This isn't intentional fraud, but it is engineered to take advantage of human behavior, something the company has studied. People often don't go to the gym consistently, and since life is busy, it's easy to justify keeping a $10 per month membership. By the time you remember to cancel, another payment has already gone through. This is a classic example of behavioral design: techniques that fuel social engineering but are also used in everyday marketing, apps, and products. These methods can be ethical, but they are often manipulative depending on intent.

The important thing to remember is this: it's okay. It happens. Social engineering techniques grow more sophisticated every day, and it's increasingly difficult to tell what's real and what isn't. The best defense is to stay vigilant, ask questions, and slow down before acting.

Thank you.