The bias exploited
Authority bias leads people to apply less scrutiny by default to a message that appears to come from a legitimate source. In the reference taxonomy on persuasion in social engineering, this lever ("Authority") is one of five fundamentals; a longitudinal analysis of 887 phishing emails (2016) shows its use follows a mixed trend over time, unlike commitment and scarcity, which increase steadily — a sign it remains a stable pillar rather than a passing trend.
Source: Ferreira, Coventry & Lenzini, HAISA/Springer, 2015; Zielinska, Welk, Mayhorn & Murphy-Hill, Proc. Human Factors and Ergonomics Society, 2016. Accessed 07/17/2026.Three real cases
🏦The fake "anti-fraud" advisor
A spoofed caller ID shows your real bank's number. The person on the line presents themselves as your advisor and asks you to "secure your account" by reading out a code received by text.
See Caller ID Spoofing🗂️The call that follows a data breach
Personal data stolen in a breach (name, bank, recent purchase) lets the scammer build a frighteningly credible call script, borrowing the authority of a service you actually use.
See From Leak to Scam🇺🇸Impersonation scams, a leading fraud category
National fraud reporting bodies document a continued rise in reports tied to impersonation of banking or government authority in their annual activity reports.
See US Fraud ReportHow to recognize it
A caller who claims to represent an official service but asks for an immediate action (reading out a code, making a transfer, installing an app) — real services never operate this way over an inbound call. Hang up and call back the official number found independently.
Definition freely reusable with credit ("Egidio — The Threat Lab") and a link to this page. See the full Grammar of Manipulation.