Why Do We Fall For Online Scams?

Uploaded on 2016-03-18 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

An example of a phishing email, disguised as an official email from a (fictional) bank.

Scams are big business. From the letters claiming you’ve won millions in a lottery that you don’t recall entering, to phone calls from people claiming to be your bank, it is becoming increasingly difficult to keep up with the range of scenarios being used to con people out of money.
    
Victims can suffer substantial financial losses that cannot be recuperated and psychological distress.

Collectively, people across the globe are losing billions each year to mass-market scams, with US$12.7 billion lost globally in 2013 to 419 advance fee fraud scams alone. Precise figures are difficult to come by due to the substantial under-reporting of this crime. Recent reports suggest only 15% of victims in the US report the crime to law enforcement.

Advances in technology mean scams have become more sophisticated. Entire fake websites can be set up, complete with company logos. Letterheads can be mimicked and telephone numbers or e-mail addresses can even be spoofed. The aim might be to get you to click a link, write a cheque, provide your personal details or download an attachment but all these scams use particular influence techniques to get people to respond.

Key tactics
The use of authority figures is important, for a start. The person on the other end of the line or email might purport to be an IT specialist, police officer, bank personnel or government official. Such techniques work because people have an inherent tendency to comply with requests from authority figures, something that is encouraged by society from an early age.

They also exploit other common social norms and rules. Humans tend to feel obliged to repay a free gift or favour or help an individual in need, so we find it difficult to say “no” to polite requests. This can range from people requesting monetary donations for fake charities on your doorstep to desperately asking for help to resolve a current crisis, such as travel problems or emergency medical bills – a common scenario in online romance scams.

Scams are also designed to elicit an emotional response. This might be a positive emotion such as excitement at winning money, or hope at the prospect of an online romance, or it might be a negative emotion, such as fear, anxiety or panic about fraudulent activity identified in your bank account.

This allows scammers to influence the cognitive processes people use when making decisions. They encourage the victim to use mental shortcuts, known as biases and heuristics, so that they make decisions quickly and without thinking. For example, by linking e-mail or telephone scams to current and high profile news stories, such as the TalkTalk data breach, scammers are able to increase the likelihood that people will believe them. This is because things that come to mind quicker are more likely to be judged as important and as likely to be genuine, a concept known as the availability heuristic.

Instilling a sense of urgency in recipients by imposing a time limit on responding also increases the likelihood that people will feel pressured when making decisions. They will base their choices on emotional responses and social cues rather than systematically considering the likely authenticity of the communication. This is because responses such as panic at potential identity theft or a fear of losing out can make people prioritise the alleviation of these emotions. They focus on short-term goals that will make them feel better. In this case, that means responding to the scam.

Fighting fire with fire
General awareness about scams is definitely on the rise, which helps us be more wary about who we give information to. However, awareness is only one way of tackling scams. There is growing consideration that wider public health and behaviour change models may play an important part in dealing with this problem.

That means considering the different factors that influence how we respond to scams, such as our specific attitudes and beliefs, previous experiences and the behaviour of those around us.

When we decide whether to respond to a letter or e-mail, or to believe the person on the other end of the phone, these decisions are likely to be based on our prior attitudes and beliefs. For instance, do you perceive a potential risk in responding to a lottery win? Do you generally trust people are who they say are on the phone? Do you often share email links? Have you ever had a bad experience clicking on a link? These factors might make you more or less likely to interact with scams that exploit these behavioral norms.

At the moment, we just don’t know how these different beliefs and attitudes affect people’s decision making when faced with a scam. Until we understand the factors that affect how and why people respond to scams, it is difficult to reduce the problem. The only way this can happen is if people are willing to openly talk about their experiences of scams.

All the awareness campaigns in the world won’t defeat the scammers if people continue to feel ashamed about falling for their tactics. We need to reduce the stigma associated with responding to scams so that all of the ways in which these scams work can be understood. Then we might be able to beat them.

The Conversation: http://bit.ly/1LWBquR

« Brand Reputation Includes Cyber Safety
Is The Cybersecurity Market Facing A Downturn? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

ZM CIRT

ZM CIRT

ZM CIRT is the national Computer Incident Response Team for Zambia.

SEPPmail

SEPPmail

SEPPmail is a patented e-mail encryption solution to secure your electronic communication.

CyberArts

CyberArts

CyberArts is founded on the belief that every single organization deserves and requires the creme de la creme when there is a need for Cyber services.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

Motiv ICT Security

Motiv ICT Security

Motiv is the ICT security specialist that provides public and private sector organisations with IT security solutions and services to prevent cybercrime, data theft and data breaches.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

Turk Telekom

Turk Telekom

Turk Telekom is the first integrated telecommunications operator in Turkey.

Elastio

Elastio

Elastio's cloud-native platform safeguards cloud data from the risks posed by ransomware, application failures and storage security vulnerabilities.

Praxis Security Labs

Praxis Security Labs

Praxis Security Labs is a research driven cybersecurity company that helps our customers to reduce risk and improve security.