🛡️ EIOC Guard

Emotional Deterrence Assessment: Working with human psychology, not against it

Welcome to Your Emotional Security Assessment

Social engineers succeed not by exploiting technical vulnerabilities, but by manipulating our natural human emotions and instincts.

This assessment will help you recognize Emotional Indicators of Compromise (EIOCs) - the psychological states that attackers create to bypass your rational defenses.

"Power wears many masks. Urgency is not trust. Pause, then protect."

You'll learn about five critical emotional vulnerabilities and develop practical stewardship skills to protect yourself and your organization.

How it works:

  • 5 interactive scenarios testing different emotional vulnerabilities
  • Self-assessment of your responses to various manipulation tactics
  • Personalized recommendations based on your unique profile
  • Educational insights, not clinical diagnosis

Time required: 5-10 minutes
Goal: Build self-awareness and emotional resilience

🎭 Prestige Mirage
Technical Mapping: Status-Based Exploit

Attackers impersonate high-status individuals or leverage implied authority to bypass normal verification processes.

🛡️ Stewardship Cue: "Signal is earned, not borrowed."
Real Impact: Barbara Corcoran's assistant received an email appearing to be from Barbara, requesting a $388,000 wire transfer for a real estate investment. The familiar tone and apparent authority nearly succeeded.

📧 Scenario: The Executive Request

You receive an email from your company's CEO asking you to urgently purchase $5,000 in gift cards for a client appreciation event. The email mentions it's confidential and time-sensitive. The CEO's assistant is copied on the email.

What's your first response?

Purchase the gift cards immediately - the CEO needs them urgently
Forward the email to IT to check if it's legitimate
Call the CEO or assistant directly using a known number to verify the request
Reply to the email asking for more details about the event

How susceptible are you to authority-based requests?

Very Low
Low
Moderate
High
Very High
🤝 Familiarity Shortcut
Technical Mapping: Implicit Trust Injection

Attackers create false familiarity through personal details, shared connections, or mimicking communication styles to shortcut trust-building.

🛡️ Stewardship Cue: "Pause before you mirror."
Real Impact: Cabarrus County lost $1.7 million when attackers impersonated a familiar supplier, using correct project details and communication patterns to convince staff to update payment information.

📱 Scenario: The Helpful Colleague

You receive a call from someone claiming to be from your IT department. They know your name, department, and mention a recent system upgrade you experienced. They're asking for your password to "complete the security update on your account."

What makes this scenario potentially dangerous?

They called during business hours
They used specific details to create false familiarity and trust
They mentioned a security update
They knew your department

How often do you verify identity when someone demonstrates familiarity with you or your work?

Always
Usually
Sometimes
Rarely
Never
⚡ Performance Reflex
Technical Mapping: Urgency Trigger Exploit

Attackers create artificial time pressure to force quick decisions and bypass normal verification processes.

🛡️ Stewardship Cue: "Urgency is not a credential."
Real Impact: Centrify was targeted with an urgent wire transfer request appearing to be from their CEO, claiming a time-sensitive acquisition deal required immediate payment.

🚨 Scenario: The Deadline Pressure

You receive an urgent email marked "CONFIDENTIAL - RESPOND IMMEDIATELY" from your manager, requesting you to quickly transfer funds to close a last-minute deal. The email mentions that "every minute counts" and that you should "call me after it's done, not before."

What's the strongest red flag in this scenario?

The confidential marking
Instructions to act first and verify later
The mention of a business deal
The urgent timeline pressure

How does time pressure affect your decision-making?

Makes me more careful
Doesn't affect me much
Sometimes I rush
Often makes me hasty
I always rush under pressure
💝 Empathic Camouflage
Technical Mapping: Affinity Bias Pretexting

Attackers exploit our natural desire to help others, creating scenarios that make refusal feel cruel or unprofessional.

🛡️ Stewardship Cue: "Familiar warmth may conceal cold intent."
Real Impact: Snapchat's HR department released employee W-2 forms after receiving a request that appeared to be from their CEO, exploiting their desire to be helpful and responsive to executive needs.

💔 Scenario: The Personal Emergency

You receive an emotional email from someone claiming to be a colleague's spouse, explaining that your colleague is in the hospital and they need access to important work files to handle insurance paperwork. They're asking for login credentials and seem genuinely distressed.

What's the appropriate response to this emotional appeal?

Provide the login information immediately - they're in crisis
Express concern but verify through official channels before providing any access
Ask them to prove their identity with personal questions
Ignore the request - it's probably fake

How difficult is it for you to say no to emotional appeals for help?

Very Easy
Easy
Moderate
Difficult
Very Difficult
👔 Deference Drift
Technical Mapping: Authority Spoof Lever

Attackers exploit organizational hierarchies and cultural norms that discourage questioning authority figures.

🛡️ Stewardship Cue: "Stewardship honors questions."
Real Impact: Toyota Boshoku lost $37 million when employees received what appeared to be executive instructions for urgent financial transfers, with organizational culture discouraging questions about senior leadership decisions.

📊 Scenario: The Board Directive

You receive what appears to be a directive from your company's board of directors, marked "CONFIDENTIAL - BOARD EYES ONLY," instructing you to prepare financial transfers for a merger discussion. It emphasizes discretion and warns against discussing it with anyone, including your direct supervisor.

What's the most appropriate action?

Follow the directive immediately - you can't question the board
Ask a trusted colleague what they think
Verify through established company protocols, regardless of the secrecy request
Wait to see if anyone else received similar instructions

How comfortable are you questioning instructions from senior leadership?

Very Comfortable
Comfortable
Neutral
Uncomfortable
Very Uncomfortable

Your Emotional Security Assessment

--
Emotional Security
"Power wears many masks. Urgency is not trust. Pause, then protect."

Understanding Your Assessment

This assessment measures your awareness of emotional manipulation patterns that social engineers commonly exploit. Your readiness level reflects how well you recognize and respond to these tactics.

Remember: Emotional security is a learnable skill. The goal is building awareness and developing practical defenses against manipulation.

Your Personal Development Focus Areas

Share This Assessment

Know someone who could benefit from understanding emotional manipulation tactics? Share this free resource with them.

For organizational training or curriculum licensing, contact SoftArmorLabs.

🛡️ SoftArmorLabs
© 2024-2025 SoftArmorLabs. All Rights Reserved.
Contact: info@softarmorlabs.com
Licensing & Partnerships: partnerships@softarmorlabs.com
EIOC Guard™, the Emotional Indicators of Compromise™ framework, Stewardship Cues™ methodology, and all associated content are proprietary intellectual property of SoftArmorLabs.

This assessment is provided free for personal and educational use. Commercial use, reproduction, or derivative works require written authorization.
EIOC Guard™ • Emotional Indicators of Compromise™ • Stewardship Cues™ • Emotional Deterrence Primer™