How mindfulness and critical thinking can protect us online

Imagine walking through a virtual reality (VR) space where you hear other avatars talking about the benefits of a new soft drink. To you, these avatars appear to be other players; however, advertisers have purposefully placed them there as virtual spokespeople. Unlike traditional product placements, these adverts are custom-made for you, based on your profile and react in real time to your behaviour.

Imagine these conversations placed in your kids’ VR. Conversations not only about soft drinks but also about political opinions, conspiracy theories, or other malicious content.

In his 2023 paper The Manipulation Problem, Louis Rosenberg warns about the persuasive tactics of AI chatbots with the ability to respond to sensory data they read from users’ headsets in real-time, resulting in opportunities for powerful malicious influence and manipulation.

Bad actors target humans because it is easier than trying to break through sophisticated security technology. Deception and manipulation are not new concepts and are a common form of social engineering. Also referred to as the science of hacking humans, it is still one of the most popular initial attack routes. In 2022, 74% of all data breaches involved a human element.

To defend against these psychological attacks, we should foster critical thinking and develop skills in situational and self-awareness. These skills will become extremely important in metaverse environments where, owing to their immersive nature, the susceptibility to manipulation might be even greater than it is today.

A few factors make humans vulnerable to social engineering and could potentially be exacerbated by immersive environments:

Multitasking is a myth and is actually bad for us. It results in human error and reduces our long-term memory. It also prevents us from being focused or creative and distracts us from the task at hand. Unfortunately, being distracted means we are more likely to act in ways we shouldn’t. Email security firm Tessian’s 2020 study found that distractions were behind 47% of people falling for phishing emails. Developments in spatial computing, with its ubiquity of apps in augmented reality, mean that life will become even more distracted in the future.

The amygdala is the part of the brain that regulates emotions and activates our automatic fight or flight response. Ancient threats needed this immediate response. Unfortunately, we react to modern threats with the same ancient, automatic response that circumvents our executive functioning. Here is the thing: social engineers deliberately trigger our amygdala to suppress our critical thinking and trick us into taking potentially dangerous actions. This also explains why fake news – often laden with emotional content, is 70% more likely to be retweeted than the truth.

Children and adolescents are even more susceptible to these emotion-triggering types of messages. The formative process of connecting the limbic system to the prefrontal cortex continues from the teen years to the mid‐20s. These developmental changes have been linked to heightened emotional sensitivity and risky online behaviour in youth.

In the 2011 book, Thinking, Fast and Slow, author Daniel Kahneman describes how cognitive biases are automatic processes designed to make our decision-making quicker and more efficient. Research suggests that 80% of our day is spent in a fast-thinking, heuristic and bias-driven thinking mode. Fast decisions are not always the right ones and another reason why we are vulnerable to manipulation. This explains why many attacks include a sense of urgency in their tactics.

Mindfulness simply means adding a pause between the trigger and our reaction, and trying not to identify too much with our thoughts or emotions. Researchers Brown and Ryan argue that mindfulness promotes self-regulation by interrupting the so-called autopilot of our automatic thoughts and behaviour patterns.

Plenty of research states that mindfulness results in fewer commission errors, improves attention to tasks and can help combat distraction, stress and multitasking symptoms.

Research exists that shows that a more mindful training approach improves resistance to phishing attacks.

Mindfulness also helps to slow down, focus on one thing at a time, and observe internal and external distractions before reacting to them. By refusing to multitask, we slow down and, ironically, get more done.

If we manage to view our amygdala as a warning system instead of just reacting to it, it becomes a powerful tool. When something makes us feel tense or stressed, being in a mindful state allows us to observe how we feel before reacting. Paying attention to heart rate, tightness, heat, or discomfort might be a sign that the body’s flight-or-fight response is triggered. Our body knows and gives us signs that something is up before we are even conscious of it.

Becoming aware of our senses and labelling what we feel, without giving in to the impulse to act, allows critical thinking and executive function to take control. This in turn allows us to act in a calmer and more intentional state.

Many people are fatigued by security awareness and feel overwhelmed about how to defend themselves. However, teaching them how to become more mindful empowers them to use their own senses as warning signals in digital environments.

These skills are not just about psychological well-being but should be part of online and metaverse safety training. The more our physical reality merges with the digital, the more we need to unlearn bad practices that leave us vulnerable, such as multitasking, and hone critical thinking and focus skills that help us navigate these new spaces mindfully and safely.

VR biofeedback games (where the game responds to information from the player's body) are already used to help youth cope with anxiety by identifying physiological markers and patterns of emotion regulation. These immersive games can be useful tools in mindfulness training and helping kids (and adults) to practise self-regulation and healthier responses to media-generated emotions.

The goal is to transition from automatic reactions to more rational responses. This is a shift that offers empowerment in both the digital and virtual realms while also fostering personal resilience in the offline world.

To explore this subject further and gain deeper insights, the World Economic Forum has recently published a paper on privacy and safety, which delves into various aspects related to this topic and more.