Why Do We Fall For Online Scams?

An example of a phishing email, disguised as an official email from a (fictional) bank.

Scams are big business. From the letters claiming you’ve won millions in a lottery that you don’t recall entering, to phone calls from people claiming to be your bank, it is becoming increasingly difficult to keep up with the range of scenarios being used to con people out of money.
    
Victims can suffer substantial financial losses that cannot be recuperated and psychological distress.

Collectively, people across the globe are losing billions each year to mass-market scams, with US$12.7 billion lost globally in 2013 to 419 advance fee fraud scams alone. Precise figures are difficult to come by due to the substantial under-reporting of this crime. Recent reports suggest only 15% of victims in the US report the crime to law enforcement.

Advances in technology mean scams have become more sophisticated. Entire fake websites can be set up, complete with company logos. Letterheads can be mimicked and telephone numbers or e-mail addresses can even be spoofed. The aim might be to get you to click a link, write a cheque, provide your personal details or download an attachment but all these scams use particular influence techniques to get people to respond.

Key tactics
The use of authority figures is important, for a start. The person on the other end of the line or email might purport to be an IT specialist, police officer, bank personnel or government official. Such techniques work because people have an inherent tendency to comply with requests from authority figures, something that is encouraged by society from an early age.

They also exploit other common social norms and rules. Humans tend to feel obliged to repay a free gift or favour or help an individual in need, so we find it difficult to say “no” to polite requests. This can range from people requesting monetary donations for fake charities on your doorstep to desperately asking for help to resolve a current crisis, such as travel problems or emergency medical bills – a common scenario in online romance scams.

Scams are also designed to elicit an emotional response. This might be a positive emotion such as excitement at winning money, or hope at the prospect of an online romance, or it might be a negative emotion, such as fear, anxiety or panic about fraudulent activity identified in your bank account.

This allows scammers to influence the cognitive processes people use when making decisions. They encourage the victim to use mental shortcuts, known as biases and heuristics, so that they make decisions quickly and without thinking. For example, by linking e-mail or telephone scams to current and high profile news stories, such as the TalkTalk data breach, scammers are able to increase the likelihood that people will believe them. This is because things that come to mind quicker are more likely to be judged as important and as likely to be genuine, a concept known as the availability heuristic.

Instilling a sense of urgency in recipients by imposing a time limit on responding also increases the likelihood that people will feel pressured when making decisions. They will base their choices on emotional responses and social cues rather than systematically considering the likely authenticity of the communication. This is because responses such as panic at potential identity theft or a fear of losing out can make people prioritise the alleviation of these emotions. They focus on short-term goals that will make them feel better. In this case, that means responding to the scam.

Fighting fire with fire
General awareness about scams is definitely on the rise, which helps us be more wary about who we give information to. However, awareness is only one way of tackling scams. There is growing consideration that wider public health and behaviour change models may play an important part in dealing with this problem.

That means considering the different factors that influence how we respond to scams, such as our specific attitudes and beliefs, previous experiences and the behaviour of those around us.

When we decide whether to respond to a letter or e-mail, or to believe the person on the other end of the phone, these decisions are likely to be based on our prior attitudes and beliefs. For instance, do you perceive a potential risk in responding to a lottery win? Do you generally trust people are who they say are on the phone? Do you often share email links? Have you ever had a bad experience clicking on a link? These factors might make you more or less likely to interact with scams that exploit these behavioral norms.

At the moment, we just don’t know how these different beliefs and attitudes affect people’s decision making when faced with a scam. Until we understand the factors that affect how and why people respond to scams, it is difficult to reduce the problem. The only way this can happen is if people are willing to openly talk about their experiences of scams.

All the awareness campaigns in the world won’t defeat the scammers if people continue to feel ashamed about falling for their tactics. We need to reduce the stigma associated with responding to scams so that all of the ways in which these scams work can be understood. Then we might be able to beat them.

The Conversation: http://bit.ly/1LWBquR

« Brand Reputation Includes Cyber Safety
Is The Cybersecurity Market Facing A Downturn? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ITQ

ITQ

ITQ is an IT consulting firm with a focus on the entire VMware-product portfolio with three main services: Professional Services, Support Services and Managed Services.

International Conference on Information Systems Security & Privacy (ICISSP)

International Conference on Information Systems Security & Privacy (ICISSP)

The ICISSP event is a meeting point for researchers and practitioners to address security and privacy challenges concerning information systems.

Prim'X Technologies

Prim'X Technologies

Prim'X Technologies provides information protection solutions to prevent unauthorised access to sensitive data.

Signal Sciences

Signal Sciences

Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform.

Saudi Federation for Cyber Security and Programming (SAFCSP)

Saudi Federation for Cyber Security and Programming (SAFCSP)

SAFCSP is a national institution under the umbrella of the Saudi Arabian Olympic Committee, which seeks to build national and professional capabilities in the fields of cyber security and programming.

PureCyber

PureCyber

PureCyber (formerly Wolfberry Cyber) is an award-winning cyber security consultancy whose goal it is to make cyber security accessible, understandable, and affordable for any organisation.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

Software Diversified Services (SDS)

Software Diversified Services (SDS)

SDS provides the highest quality mainframe software and award-winning, expert service with an emphasis on security, encryption, monitoring, and data compression.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

BaaSid

BaaSid

BaaSid is next generation security technology for data security & security authentication based on De-centralized & Blockchain.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

Infosys

Infosys

Infosys is a global leader in consulting, technology and outsourcing solutions.. Services include IT strategy, technical architecture and operations including cybersecurity.

Eqlipse Technologies

Eqlipse Technologies

Eqlipse Technologies provides products and high-end engineering solutions to customers in the Department of Defense and Intelligence Community.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.

RANE Network

RANE Network

RANE is a global risk intelligence company that provides critical insights and analysis to more efficiently anticipate, monitor, and respond to emerging threats.