Episode 8: When Curiosity Beats Caution
- Vivek Krishnan
- Jun 18
Curiosity-driven trust — when the urge to know overrides the instinct to pause.
REAL STORY: The Email That Felt Too Specific
Hyderabad, 2023
Priya, a 29-year-old HR executive, received an unsettling email:
“Final Notice: Your resignation approval letter is pending – kindly review immediately.”
She hadn’t resigned. There was no company branding. The email came from a Gmail address.
But the subject felt urgent and personal — just real enough. So she clicked.
The link opened a fake OneDrive login. She entered her work email credentials. Within minutes:
- Her inbox was compromised
- Spam was sent in her name
- Her internal communication trail was hijacked
❝ She didn’t trust the email. She trusted the urgency of not knowing. ❞

🧠 THE BIAS AT PLAY
This wasn’t a scam crafted with visual perfection. It was crafted with emotional precision.
This is Curiosity Bias — a form of truth bias where our brain prioritizes resolution over reasoning. We trust not because the source looks credible, but because the message triggers an itch to know more.
“Could this be true?” becomes “I need to check — just in case.”
🔍 WHY SHE CLICKED: The Bait
| Element | Psychological Trigger |
| --- | --- |
| “Final Notice” | ⏳ Urgency |
| “Resignation Approval” | 🧷 Identity relevance |
| “Kindly review” | 🎭 Formal tone |
| Gmail address | ❌ Emotion blinded scrutiny |
🛡️ WHAT SHOULD PRIYA HAVE DONE?
✅ 1. Pause Before Action: Urgency is the bait. Step back and assess.
✅ 2. Check the Email Address: Work-related decisions won’t come from free email services.
✅ 3. Don’t Click Blindly: Hover over links. If the URL looks odd or masked, stop.
✅ 4. Confirm with a Trusted Source: Ask HR. Call IT. Forward the email to a known supervisor. If it's real, someone official will confirm.
✅ 5. Remember This Rule:
Curiosity ≠ Credibility - If it raises your pulse, it deserves your caution.
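Steps 1 to 3 can also be expressed as triage logic for reported mail. The following is an added example, not part of the original post; the free-mail list, the urgency phrases and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for illustration; tune them for your own mail flow.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY = re.compile(r"final notice|immediately|kindly review|view by", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    """Return red flags for a raw single-part, unencoded HTML message."""
    msg = message_from_string(raw)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender in FREE_MAIL:  # step 2: work mail from a free provider
        flags.append("free-mail sender")
    if URGENCY.search(msg.get("Subject", "")):  # step 1: urgency is the bait
        flags.append("urgency wording")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:  # step 3: displayed domain vs. real one
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and host != shown[0] and not host.endswith("." + shown[0]):
            flags.append("link text does not match destination")
    return flags

# Constructed sample modelled on the email in the story (not a real message).
SAMPLE = """\
From: "HR Desk" <hr.approvals.desk@gmail.com>
Subject: Final Notice: Your resignation approval letter is pending - kindly review immediately

<a href="https://files-review.example.net/login">onedrive.live.com/resignation-letter</a>"""
```

Flags like these are prompts to verify through a trusted channel, as step 4 says, not a verdict on the message.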
Scenario: You receive an email:
“Show Cause Memo – Your name is listed in a grievance case. View by 4 PM.”
There's no case ID, no sign-off, and one button: “View Memo.”
Real or Fake?
🧠 Answer: FAKE
🧠 Bias Exploited: Curiosity Bias + Panic
🧠 Giveaway: No real grievance process omits case numbers or verification paths.
📢 TAKEAWAY
The most dangerous scams don’t look real. They just feel urgent, feel incomplete, or feel like they involve you.
You don’t trust the source. You trust your own instinct — to click, just in case.
That’s the trap. That’s truth bias.
💬 CALL TO ACTION
🗣️ Have you ever clicked something just because it felt urgent or personal — even when it felt off? What made you stop (or not)? Share your story — it might help someone else pause before their next click.
This is one of the many outlier subtypes of Truth Bias that we are about to unravel.
🧠 Outlier Subtypes of Truth Bias
| # | Subtype of Truth Bias | Core Trigger | Example Scenario |
| --- | --- | --- | --- |
| 1 | Authority Bias | Perceived legitimacy | RBI logo in phishing SMS |
| 2 | Familiarity Bias | Repetition feels safe | Scam from a known courier or app |
| 3 | Curiosity Bias | Need to resolve ambiguity | “See who searched for you online” |
| 4 | Urgency Bias | Time pressure lowers scrutiny | “Final 24 hours to avoid account suspension” |
| 5 | Social Proof Bias | Everyone else is doing it | “3,000 people invested already. Don’t miss out.” |
| 6 | Gratitude/Reciprocity Bias | Feeling obligated | Free gift followed by request for personal info |
| 7 | Emotional Hook Bias | Fear, hope, guilt | “Your family member is in danger – click to verify ID” |
| 8 | Confidence Bias | Overtrusting polished language | Cleanly written emails with convincing tone |
| 9 | Role Bias | Aligning with known professional roles | Fake doctor, HR, or CBI officer on call |
This episode covers the curiosity bias...
🧠 Curiosity Bias in Phishing
Security studies highlight that 17% of phishing attacks exploit curiosity — specifically targeting users’ need to resolve ambiguity.
A Trellix cybersecurity report confirms phishing emails frequently prey on fear, urgency, and curiosity to override logical thinking (trellix.com).
🎯 Real-World Tactics
Keepnet Labs details “curiosity-based phishing” examples — like “leaked exclusive content” or vague memos — designed to compel clicks based on intrigue (keepnetlabs.com, pmc.ncbi.nlm.nih.gov).
MetaCompliance research identifies how phishing scams leverage curiosity and greed by offering undefined content or deals, triggering impulsive clicks (metacompliance.com, scworld.com, keepnetlabs.com).
✅ Supporting Social Engineering Insights
Social engineering knowledge bases explain that curiosity is a trusted manipulation tactic — baiting victims into clicking links or downloading files (anubisnetworks.com, scworld.com, keepnetlabs.com).
🧭 Closing Message: Know the Triggers Before They Know You
We don’t fall for lies because we’re careless. We fall because deception often wears the face of truth — urgency, authority, familiarity, or curiosity.
What fools us isn’t always the scammer. It’s the emotion they trigger before we pause to think.
Over the next few episodes, we’ll meet each of these biases — not as theories, but as real stories. Stories that happened to smart people. Stories that could happen to any of us.
Each episode will help you sharpen your radar — not just to spot lies, but to spot your own moments of unguarded trust.
🧠 Because the first step in defeating deception… is knowing what makes it work.











