惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
U
Unit 42
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
腾讯CDC
罗磊的独立博客
博客园 - 聂微东
博客园_首页
雷峰网
雷峰网
云风的 BLOG
云风的 BLOG
Jina AI
Jina AI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
D
DataBreaches.Net
The GitHub Blog
The GitHub Blog
人人都是产品经理
人人都是产品经理
Y
Y Combinator Blog
量子位
Microsoft Azure Blog
Microsoft Azure Blog
阮一峰的网络日志
阮一峰的网络日志
小众软件
小众软件
月光博客
月光博客
T
The Exploit Database - CXSecurity.com
Google DeepMind News
Google DeepMind News
H
Help Net Security
O
OpenAI News
Blog — PlanetScale
Blog — PlanetScale
S
Security Affairs
S
Security @ Cisco Blogs
Microsoft Security Blog
Microsoft Security Blog
T
The Blog of Author Tim Ferriss
AI
AI
MongoDB | Blog
MongoDB | Blog
G
Google Developers Blog
MyScale Blog
MyScale Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
D
Docker
Hugging Face - Blog
Hugging Face - Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Schneier on Security
Cloudbric
Cloudbric
H
Heimdal Security Blog
J
Java Code Geeks
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
宝玉的分享
宝玉的分享
有赞技术团队
有赞技术团队
S
SegmentFault 最新的问题
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
爱范儿
爱范儿
I
Intezer
GbyAI
GbyAI

Human Risk Management Blog

Trust, Verify, Protect: Modernizing Email Security for the Cloud Report: Social Engineering Remains a Central Part of AI-assisted Attacks ClickFix Social Engineering is Now the Leading Malware Delivery Method CyberheistNews Vol 16 #28 Your 2026 Phishing by Industry Benchmarks: The Findings on Human Risk Scammers Can Use AI Tools to Pinpoint Your Location Based on a Photo Report: Attackers Are Using AI to Automate Social Engineering Your KnowBe4 Fresh Compliance Plus Content Updates from June 2026 From Awareness to Digital Workforce Security Your KnowBe4 Fresh Content Updates from June 2026 Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs Invoice Phishing Attacks Are Abusing the Shop App Phishing Campaign Impersonates Interpol to Deliver Ransomware Prompt Injection and the Rise of Agentic Risk Hyper-Targeted Social Engineering Needs Real-Time Video Response Your Email is Protected. Is Your Teams Chat? CyberheistNews Vol 16 #27 [HOW TO] Your Cybersecurity Starts at Home on World Social Media Day 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis INC Ransomware Gang Targets the Legal Sector 5 Essential Cybersecurity Defenses for Cloud Email Security Cybercriminals Are Targeting the FIFA World Cup 2026 Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction Happy 3rd Birthday to Our KnowBe4 Community! Phishing Exposes Employee Data at 86% of Fortune 100 Companies Shadow AI Is Not Shadow IT With a Better Marketing Budget CyberheistNews Vol 16 #26 A New Extortion Scam Uses IT Impersonation to Breach Organizations Cybersecurity Starts At Home This World Social Media Day FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year Report: Device Code Phishing is Surging Report: Online Shoppers Increasingly Ignore Scam Warning Signs Security Training Needs Google Maps, Not Christopher Columbus Turn Account Takeover Into Real-Time Security Coaching Extortion Gang Sends In-Person Attackers to Exfiltrate Data Attackers aren’t loyal to any collaboration channel CyberheistNews Vol 16 #25 [The AI Tell] How To Expose Machine-Written Phishing Fast Social Engineering Attacks Abuse Workplace Collaboration Tools New Extortion Brand Uses IT Impersonation to Breach Organizations APWG Report: Social Media Phishing is Surging Cybersecurity Awareness Training for AI: Key Focus Areas Americans Lost $900 Million to AI-Powered Scams Last Year What AI Can’t Hide When It Writes a Phishing Email Your AI Agents Are Eager to Please And Easy to Exploit From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap Best AI Agent Security Tools for SMB and Enterprise in 2026 4 Hot Summer Travel Tips To Avoid Scams CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now The Role of Agentic AI in Phishing Security Training A Credit Score for Cyber Behavior Agentic AI Security in 2026: What to Know How to Secure AI Agents: 4 Best Practices An Overview of Email Compliance Regulations and Reporting Report: AI-Assisted Fraud is Surging Attackers Use Spoofed ChatGPT Site to Deliver Malware I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern A Look at Spam vs. Phishing: 4 Key Differences KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards Cyber Insurance for Mid‑Market Organizations in Southeast Asia KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius The New Frontier: Securing Japan’s Hybrid Digital Workforce (2026 & Beyond) CyberheistNews Vol 16 #23 Now Phishing Attacks Use Real Hotel Reservations to Target Travelers Report: AI-Enabled Social Engineering Attacks Are on the Rise Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026 FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts KB4-CON - AI Is Everything How to Secure AI Adoption In Your Organization Your KnowBe4 Fresh Content Updates from May 2026 The Silent Invitation: A Deep Dive into Calendar Invite Phishing Cyber Insurance for Mid‑Market Organizations in Southeast Asia Chinese-Language Phishing Kits Are Growing More Advanced Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers Warning: Scammers are Exploiting Geopolitical Unrest Athletes Are Increasingly Targeted by Social Engineering Attacks AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice 8 Ways to Reduce False Positives in Email Security Ransomware Attacks Drive a Surge in Cyber Insurance Claims My Favorite 5 KnowBe4 Agents Perry Carpenter KB4-CON 2026 Q&A: Deepfakes & Deception Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys CyberheistNews Vol 16 #21 [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks Beyond the Chatbot: Why Your AI Agents are Your Newest (and Most Vulnerable) Colleagues Report: Adversarial Use of AI is Evolving
When Global Conflict Becomes a Cyber Weapon: How Iran Tensions and Other Stressful Events Fuel Social Engineering Attacks
Erich Kron · 2026-05-28 · via Human Risk Management Blog

Evangelists-Erich KronWhen geopolitical tensions rise, whether due to conflicts like the current one involving Iran or other global flashpoints, many organizations focus on physical security, supply chains, or political implications. But there is another battlefield that lights up almost immediately: the human mind.

Cybercriminals and threat actors do not just watch the news like everyone else; they are good at weaponizing it, and when stress, uncertainty, and fear are running high, social engineering attacks become significantly more effective.

Crisis Creates Opportunity…for Attackers

There is an old political adage that says, “Never let a good crisis go to waste.” We do not need to worry about that when it comes to criminals. They know it. They live for it.

Let’s start with something we already know. Cybercriminals go where the opportunity is. Motivations like financial gain, data theft, disruption, and even ideological influence drive many attacks.

Global conflict checks all three boxes.

When tensions involving any political issues, major conflicts, disasters, or other events escalate, we typically see:

  • Increased media consumption
  • Rapid information sharing (often without verification)
  • Emotional reactions such as fear, anger, and/or uncertainty

That combination is exactly what social engineering campaigns thrive on, and let’s face it, attackers do not need zero-days when they have headlines.

The Psychology Behind Why This Works

Remember that social engineering is not really a technical attack; it is a psychological one. This psychological attack also drives physical responses, such as the release of cortisol and its associated impact on the brain. Cortisol suppresses activity in the prefrontal cortex, the brain region that controls decision-making, planning, impulse control, and social behavior, while stimulating the amygdala, which often heightens feelings of fear and vigilance, making you more alert but also more reactive and emotionally driven.

Does “suppressed impulse control” and being “emotionally driven” sound like a good combination to you? It does to attackers.

Research shows these attacks exploit weaknesses in human cognition, especially when people are:

  • Under stress
  • Experiencing high cognitive load
  • Distracted or overwhelmed

And of course, global conflict, politics, and disasters increase all three.

Studies in psychology have demonstrated that stress directly degrades decision-making ability. In simple terms, when people are stressed, they make faster but less critical decisions. You know, like checking a URL before clicking on a link in a message.

That is precisely what the bad actors are after.

Emotional Triggers: The Real Attack Surface

When news broke about the conflict involving Iran, attackers quickly pivoted their lures to match the narrative. These are not random phishing emails or text messages; they are carefully crafted psychological hooks. The same thing happened after the most recent L.A. protests, the Air India disaster, and especially during the COVID-19 pandemic. It is all out of the same playbook, and it is in the playbook because it works.

Common themes include:

  • “Breaking news” alerts
  • “Urgent security updates”
  • Donation or humanitarian aid requests
  • Government or military impersonation

These work so well because they tap into predictable human behaviors:

  • Fear - “Is something happening near me?”
  • Urgency - “I need to act now.”
  • Authority - “This came from a government agency.”
  • Curiosity - “I need to know more.”

Most of our brains are hardwired to have the same basic response. It is how we survived being chased by giant lizards in the past. Clearly, it worked, since we are here, and the giant lizards are mostly gone.

Social engineering campaigns are specifically designed to manipulate these emotional reactions and cognitive biases. When those emotions are already elevated, or when we are mentally overstimulated by trying to keep up with developments in real-world events, the attacker does not have to work nearly as hard.

Stress + Urgency = Bad Decisions

One of the most dangerous combinations in cybersecurity is stress paired with urgency. Research on scam behavior shows that time-pressure cues significantly increase the likelihood that a victim will comply with a fraudulent request.

Think about it:

  • “Act now before escalation!”
  • “Immediate response required due to international threat”
  • “Your account may be impacted by sanctions! Verify it now.”

These messages are engineered to bypass rational thinking. The fact that the urgency is not directed at us is also why we can look in from the outside and easily spot the threat, even when the target does not.

When urgency is introduced, the brain shifts toward automatic decision-making (often called “System 1 thinking,” based on the work of Daniel Kahneman), which is fast but also far more prone to error and manipulation.

Real-World Examples You Are Likely to See

During periods of tension involving Iran, organizations and individuals should expect to see:

1. Phishing Campaigns Using Breaking News

Emails or texts disguised as:

  • News outlets
  • Intelligence briefings
  • “Leaked” reports

These often contain malicious links or attachments.

2. Financial and Donation Scams

Attackers exploiting empathy and confusion:

  • Fake charities
  • “Emergency aid” requests
  • Cryptocurrency donation campaigns

Emotional appeals override normal skepticism.

Business Email Compromise (BEC) with a Geopolitical Twist

We know that BEC attacks are already highly effective. You only need to look at published losses by the FBI or other law enforcement organizations.

Now add a global crisis:

  • “Due to instability in the region, we need to reroute payments.”
  • “Urgent vendor change due to sanctions”

Toss in the crisis angle, and the scenarios become far more believable.

3. Disinformation and Influence Campaigns

Not all attacks are about money.

Some are about:

  • Shaping public perception
  • Creating panic
  • Undermining trust

These campaigns often blend social engineering with misinformation, targeting both individuals and organizations.

I have a love/hate relationship with social media over this. I love keeping in touch with family and friends, but I hate the misinformation and disinformation that permeates these platforms and the hate and vitriol it causes.

Why Even Smart People Fall for It

There is a dangerous myth in cybersecurity: that only “untrained” users fall for scams, or that people who do are unintelligent.

This cannot be further from the truth. Even smart people fall for them when the right message hits at the right time.

Research shows that:

  • Social engineering succeeds by triggering automatic, subconscious responses
  • Even experienced individuals are vulnerable under stress
  • Human error is involved in the majority of breaches (up to ~60–68%)

In other words, this is not about intelligence; it is about being human. Let’s cut some people who fall for these things some slack.

What Organizations Should Be Doing Right Now

If geopolitical tensions are rising, your security posture should adjust accordingly.

This is where the concept of layered defense becomes critical (again, nothing new, but often overlooked in practice).

Focus Areas:

1. Increase Awareness in Real Time

Do not wait for annual training. If you are only training annually, this is a good time to make some meaningful adjustments to that cadence. Quick microlearning can be great here, with a focused message and guidance on how to protect against potentially related threats.

Tie any awareness messaging directly to the current events:

  • “Expect scams related to the Iran conflict.”
  • “Do not trust unsolicited ‘breaking news’ links.”

2. Reinforce Verification Culture

Especially for:

  • Financial transactions
  • Vendor changes
  • Sensitive data requests

Attackers rely on urgency, and verification kills their momentum. Make sure the verification is done through an out-of-band method. In other words, do not do something like call a phone number included in the message to confirm. Use something like a known-good number or a Slack/Teams chat to confirm.

3. Monitor for Themed Campaigns

Security teams should:

  • Watch for spikes in phishing using geopolitical keywords
  • Adjust filters for trending lures

4. Train for Emotional Awareness, Not Just Technical Indicators

Traditional training says:

  • “Look for suspicious links.”

Modern training should also say:

  • “Be cautious when something makes you feel urgency or fear.”

Because that feeling is often the attack. We should train people so that when they have a strong emotional response to an email, phone call, text message, etc., they take a deep breath and look at the message more critically.

Final Thoughts: The Battlefield Has Expanded

Conflict no longer stays confined to physical borders.

It spills into:

  • News feeds
  • Email inboxes
  • Messaging platforms
  • Social media

And ultimately, into human decision-making. Modern cybercriminals understand something we sometimes forget: You do not need to hack a system if you can influence a person.

When global or political tensions rise, whether involving Iran or another region, or when a major disaster occurs, organizations must recognize that their people become the primary target.

Because in times of stress, people are under the most pressure, and that is exactly when attackers strike.

Let’s help arm our employees, friends, and family with the defenses they need to counter these threats.