Why Do We Fall For Online Scams?

An example of a phishing email, disguised as an official email from a (fictional) bank.

Scams are big business. From the letters claiming you’ve won millions in a lottery that you don’t recall entering, to phone calls from people claiming to be your bank, it is becoming increasingly difficult to keep up with the range of scenarios being used to con people out of money.
    
Victims can suffer psychological distress as well as substantial financial losses that cannot be recovered.

Collectively, people across the globe are losing billions each year to mass-market scams, with US$12.7 billion lost globally in 2013 to 419 advance fee fraud scams alone. Precise figures are difficult to come by due to the substantial under-reporting of this crime. Recent reports suggest only 15% of victims in the US report the crime to law enforcement.

Advances in technology mean scams have become more sophisticated. Entire fake websites can be set up, complete with company logos. Letterheads can be mimicked and telephone numbers or e-mail addresses can even be spoofed. The aim might be to get you to click a link, write a cheque, provide your personal details or download an attachment but all these scams use particular influence techniques to get people to respond.

Key tactics
The use of authority figures is important, for a start. The person on the other end of the line or email might purport to be an IT specialist, police officer, bank personnel or government official. Such techniques work because people have an inherent tendency to comply with requests from authority figures, something that is encouraged by society from an early age.

They also exploit other common social norms and rules. Humans tend to feel obliged to repay a free gift or favour or help an individual in need, so we find it difficult to say “no” to polite requests. This can range from people requesting monetary donations for fake charities on your doorstep to desperately asking for help to resolve a current crisis, such as travel problems or emergency medical bills – a common scenario in online romance scams.

Scams are also designed to elicit an emotional response. This might be a positive emotion such as excitement at winning money, or hope at the prospect of an online romance, or it might be a negative emotion, such as fear, anxiety or panic about fraudulent activity identified in your bank account.

This allows scammers to influence the cognitive processes people use when making decisions. They encourage the victim to use mental shortcuts, known as biases and heuristics, so that they make decisions quickly and without thinking. For example, by linking e-mail or telephone scams to current and high-profile news stories, such as the TalkTalk data breach, scammers are able to increase the likelihood that people will believe them. This is because things that come to mind more quickly are more likely to be judged as important and as likely to be genuine, a concept known as the availability heuristic.

Instilling a sense of urgency in recipients by imposing a time limit on responding also increases the likelihood that people will feel pressured when making decisions. They will base their choices on emotional responses and social cues rather than systematically considering the likely authenticity of the communication. This is because responses such as panic at potential identity theft or a fear of losing out can make people prioritise the alleviation of these emotions. They focus on short-term goals that will make them feel better. In this case, that means responding to the scam.

Fighting fire with fire
General awareness about scams is definitely on the rise, which helps us be more wary about who we give information to. However, awareness is only one way of tackling scams. There is growing consideration that wider public health and behaviour change models may play an important part in dealing with this problem.

That means considering the different factors that influence how we respond to scams, such as our specific attitudes and beliefs, previous experiences and the behaviour of those around us.

When we decide whether to respond to a letter or e-mail, or to believe the person on the other end of the phone, these decisions are likely to be based on our prior attitudes and beliefs. For instance, do you perceive a potential risk in responding to a lottery win? Do you generally trust that people are who they say they are on the phone? Do you often share email links? Have you ever had a bad experience clicking on a link? These factors might make you more or less likely to interact with scams that exploit these behavioural norms.

At the moment, we just don’t know how these different beliefs and attitudes affect people’s decision making when faced with a scam. Until we understand the factors that affect how and why people respond to scams, it is difficult to reduce the problem. The only way this can happen is if people are willing to openly talk about their experiences of scams.

All the awareness campaigns in the world won’t defeat the scammers if people continue to feel ashamed about falling for their tactics. We need to reduce the stigma associated with responding to scams so that all of the ways in which these scams work can be understood. Then we might be able to beat them.

The Conversation: http://bit.ly/1LWBquR
