Defence Online

The vulnerable human

May 28, 2026

How organised crime targets your people by using “human nature” against them – by Nick Smallman CEO of Working Voices

Employees are likely to be can-do team-players, ready to please, and happy to fit in. What could go wrong? In 2020, the branch manager of a Japanese company received a call. It was a senior executive, a voice they recognised, telling them to act on emails and documents authorising the transfer of huge sums of money.  

It was discovered that the attackers knew names of employees, company structure, and transaction expectations. But by then it was too late. Through a multi-layered, social engineering assault, the criminals collected $35 million in a series of international transactions. Simultaneous lines of attack, that were well designed and mutually supporting, were directed at one individual.

Let’s look at that individual. Their name hasn’t been revealed. But they were working for an international organisation, they had responsibility for financial transactions, they were part of a bigger team. Perhaps we can imagine them as busy, compliant, and reluctant to refuse a director from their parent company (which is who the voice resembled). Sound familiar?

Between them, multinationals around the world employ millions of people matching this description. Criminals only need one person to give them what they want. Better still, they know that all these people share a human set of vulnerabilities and flaws. You have them too. We all do.

Employees in particular are prone to authority bias, time pressure, likeability traps, and emotional hijacking. In other words, they are potential victims of social engineering. Not because they are weak, but because they are human. This is what people are.

Employees might feel over-whelmed, tired, and keen to get things off their desk. The more senior the person behind the request, or the bigger the terms, the more reluctant someone might be to question things. Add deadlines into the equation and employees do what they do best: facilitate. People feel concerned about looking silly in front of leaders or appearing unresponsive to authority.

When someone’s identity can be scraped from LinkedIn, company websites, and a dozen other online sources, a familiar face can be easily simulated. How readily will an employee challenge familiarity? Someone running on autopilot, with their defences down, is an easy target.

Cybercrime succeeds when people don’t ask the right questions and fail to challenge a suspicious request or unusual action. Questioning thoughts with the eye of a critic isn’t always easy for compliant people. Critical thinking was the most sought-after core skill, in 2024, for seven out of 10 companies, according to the World Economic Forum. Skills like critical thinking are hard to inspire through an e-learning video.

At Working Voices, we build long-term behavioural change through our own bespoke protocols, capitalising on 30 years’ experience in critical thinking, psychology, and communication. We train people to recognise their vulnerabilities and flaws, find their potential and dig deep – whether seeking solutions or learning to ask questions.

The most sophisticated attacks will fail when people follow the psychological and systemic processes that training provides. Only through active learning sessions that meaningfully engage trainees will they develop effective change. Talk to us, we’re ready to explain more: wvpsd.com

Post written by: Vicky Maggiani

Vicky has worked in media for over 25 years and has a wealth of experience in editing and creating copy for a variety of sectors.