Why Do We Fall For Online Scams?

Uploaded on 2016-03-18 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

An example of a phishing email, disguised as an official email from a (fictional) bank.

Scams are big business. From the letters claiming you’ve won millions in a lottery that you don’t recall entering, to phone calls from people claiming to be your bank, it is becoming increasingly difficult to keep up with the range of scenarios being used to con people out of money.
    
Victims can suffer substantial financial losses that cannot be recuperated and psychological distress.

Collectively, people across the globe are losing billions each year to mass-market scams, with US$12.7 billion lost globally in 2013 to 419 advance fee fraud scams alone. Precise figures are difficult to come by due to the substantial under-reporting of this crime. Recent reports suggest only 15% of victims in the US report the crime to law enforcement.

Advances in technology mean scams have become more sophisticated. Entire fake websites can be set up, complete with company logos. Letterheads can be mimicked and telephone numbers or e-mail addresses can even be spoofed. The aim might be to get you to click a link, write a cheque, provide your personal details or download an attachment but all these scams use particular influence techniques to get people to respond.

Key tactics
The use of authority figures is important, for a start. The person on the other end of the line or email might purport to be an IT specialist, police officer, bank personnel or government official. Such techniques work because people have an inherent tendency to comply with requests from authority figures, something that is encouraged by society from an early age.

They also exploit other common social norms and rules. Humans tend to feel obliged to repay a free gift or favour or help an individual in need, so we find it difficult to say “no” to polite requests. This can range from people requesting monetary donations for fake charities on your doorstep to desperately asking for help to resolve a current crisis, such as travel problems or emergency medical bills – a common scenario in online romance scams.

Scams are also designed to elicit an emotional response. This might be a positive emotion such as excitement at winning money, or hope at the prospect of an online romance, or it might be a negative emotion, such as fear, anxiety or panic about fraudulent activity identified in your bank account.

This allows scammers to influence the cognitive processes people use when making decisions. They encourage the victim to use mental shortcuts, known as biases and heuristics, so that they make decisions quickly and without thinking. For example, by linking e-mail or telephone scams to current and high profile news stories, such as the TalkTalk data breach, scammers are able to increase the likelihood that people will believe them. This is because things that come to mind quicker are more likely to be judged as important and as likely to be genuine, a concept known as the availability heuristic.

Instilling a sense of urgency in recipients by imposing a time limit on responding also increases the likelihood that people will feel pressured when making decisions. They will base their choices on emotional responses and social cues rather than systematically considering the likely authenticity of the communication. This is because responses such as panic at potential identity theft or a fear of losing out can make people prioritise the alleviation of these emotions. They focus on short-term goals that will make them feel better. In this case, that means responding to the scam.

Fighting fire with fire
General awareness about scams is definitely on the rise, which helps us be more wary about who we give information to. However, awareness is only one way of tackling scams. There is growing consideration that wider public health and behaviour change models may play an important part in dealing with this problem.

That means considering the different factors that influence how we respond to scams, such as our specific attitudes and beliefs, previous experiences and the behaviour of those around us.

When we decide whether to respond to a letter or e-mail, or to believe the person on the other end of the phone, these decisions are likely to be based on our prior attitudes and beliefs. For instance, do you perceive a potential risk in responding to a lottery win? Do you generally trust people are who they say are on the phone? Do you often share email links? Have you ever had a bad experience clicking on a link? These factors might make you more or less likely to interact with scams that exploit these behavioral norms.

At the moment, we just don’t know how these different beliefs and attitudes affect people’s decision making when faced with a scam. Until we understand the factors that affect how and why people respond to scams, it is difficult to reduce the problem. The only way this can happen is if people are willing to openly talk about their experiences of scams.

All the awareness campaigns in the world won’t defeat the scammers if people continue to feel ashamed about falling for their tactics. We need to reduce the stigma associated with responding to scams so that all of the ways in which these scams work can be understood. Then we might be able to beat them.

The Conversation: http://bit.ly/1LWBquR

« Brand Reputation Includes Cyber Safety
Is The Cybersecurity Market Facing A Downturn? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Assure Technical

Assure Technical

Assure Technical offers a holistic approach to Technical Security. Our expertise and services span across the Physical, Cyber and Counter Surveillance domains.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

PSC

PSC

PSC is a leading PCI and PA DSS assessor and Approved Scanning Vendor.

Blue Ridge Networks

Blue Ridge Networks

Blue Ridge offers a suite of solutions that enable secure remote access to the enterprise network with protection and control of endpoints.

StrongKey

StrongKey

StrongKey (formerly StrongAuth) is a leader in Enterprise Key Management Infrastructure, bringing new levels of capability and data security at a price point significantly lower than other solutions.

Sponge

Sponge

Sponge is a world-renowned digital learning provider on a mission to make learning unforgettable.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

Information & Communications Technology Association of Jordan (int@j)

Information & Communications Technology Association of Jordan (int@j)

The Information & Communications Technology Association of Jordan is a membership based ICT and IT Enabled Services (ITES) industry advocacy, support and networking association.

Global Cybersecurity Institute - Rochester Institute of Technology (RIT)

Global Cybersecurity Institute - Rochester Institute of Technology (RIT)

At RIT’s Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

Arculus Cyber Security

Arculus Cyber Security

Arculus Cyber Security enables customers to securely realise the benefits of digital transformation through pragmatic solutions, guidance and services.

RedArx Cyber Group

RedArx Cyber Group

At RedArx Cyber Group, our vision is to empower businesses with cutting-edge, proactive security solutions that safeguard their digital landscapes.