How do scammers exploit curiosity or flattery?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Have you ever opened an email because you genuinely needed to know who was talking about you? Or clicked something because it started with "your work has been recognized"? That's not weakness. That's being human. Scammers know this, and they build entire campaigns around it.

Curiosity and flattery are sneakier than urgency or fear because they feel good. Fear makes you pause. Curiosity and flattery make you lean in.

Why curiosity is so hard to resist

Curiosity creates an information gap. Your brain notices something is missing and wants to close it. Scammers open that gap deliberately, then put a malicious link at the other end.

Common curiosity hooks you'll see in phishing emails:

  • "You won't believe what [colleague name] said about you"
  • "Someone viewed your LinkedIn profile 6 times this week"
  • "Your document has been shared with 3 external parties"
  • "We noticed unusual activity on your account"

The professional-grade versions are more subtle. A message that says "Your proposal was flagged in our legal review" creates the same itch. You have to find out what that means. The gap is open. The click feels almost involuntary.

Why flattery is so disarming

Flattery works because it doesn't feel like a threat. When someone tells you you've been selected for your expertise, or that your reputation preceded you, your brain shifts into a warmer, more open state. That's the point. Skepticism drops when you feel appreciated.

Professional flattery hooks tend to sound like:

  • "Based on your excellent track record in [industry], we'd like to invite you exclusively"
  • "Your insights were highlighted in our latest report. Here's the link."
  • "We've been following your work and want to feature you"
  • "As one of our most valued contacts, you get early access"

The last one is particularly effective because it layers two things at once: flattery (you're valued) and scarcity (early access). Both bypass your rational filter at the same time.

What makes these tactics dangerous for professionals specifically

Executives, marketers, founders, and anyone with a public profile are especially exposed. Scammers can personalize these hooks using LinkedIn, press releases, or company websites. They know your job title, your recent projects, sometimes even your manager's name. That context makes the hook feel real.

Now a generic "you've been selected" is easy to dismiss. "Based on your recent keynote at [conference], our editorial team wants to feature you" is much harder. (And it takes about five minutes of research to pull off.)

How to stay skeptical without going paranoid

The goal isn't to distrust every compliment or stop being curious. It's to pause before you act on that feeling.

  • Ask what the email is actually asking you to do. Click a link? Download a file? Enter credentials? Legitimate recognition doesn't usually require any of those things.
  • Check whether the sender's domain matches the organization they claim to represent. "awards@linkedln-recognition.net" is not LinkedIn.
  • If someone claims your work was mentioned somewhere, search for it directly. Don't use their link.
  • Treat unsolicited praise with the same curiosity you'd give an unsolicited invoice. Both deserve a second look before you act.

Still the question to ask yourself isn't "does this feel real?" Scammers are good at making things feel real. The question is "why is this email asking me to do something right now?"

If you want to go deeper on the full picture of how these social engineering tactics connect, the almanac has a full thread on phishing psychology worth reading through. Or if something suspicious already landed in your inbox and you're not sure what you're looking at, the Email Header Analyzer can help you see what's actually going on behind the scenes.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Describe the suspicious email and get a ranked breakdown of red flags

I've received an email that feels like it might be using flattery or curiosity to get me to click. Help me think through whether it's legitimate or a phishing attempt. I'll describe the email and you give me a ranked list of red flags to look for, questions I should ask before clicking, and what a legitimate version of this type of email would typically look like instead.

Edit the yellow boxes, then send to the AI of your choice.