Thursday, September 15, 2016

Understanding psychology of phishing

Everyone gets phishing emails. For scammers, it is probably the most cost-effective way of scamming people. Sometimes phishing emails are relatively harmless, but often they can be extremely harmful and trick you into parting with your personal passwords, login details and bank information. I wanted to collect a few to show you the types of phishing emails and the psychology behind them, the language they use and how the message will make you feel and want to react.

First of all, the biggest and most important message, and one I think every fraud agency should use, is that phishing emails have one fundamental thing in common: something to click, be that a link or an attachment. Clicking anything in an email is bad, even if it came from your friends, as people's email accounts can be easily hacked. What you should look for in that case is whether this is out of character for your friend. If so, don't click it.

Let's examine the most frequent phishing emails and how they persuade. Most phishing emails are designed to evoke visceral states. Visceral states are sexual arousal, hunger, greed, fear and so on. When we are under visceral influence, we are likely to bypass careful information processing and act without proper thinking, because we are acting on that visceral influence. When you are starving, you are likely to eat stuff you would reject otherwise; when you are scared of something, you will do anything to save yourself from danger; when you are attracted to someone, you will do anything to get them... So let's see the language used by phishing emails.

Those offering refunds 

Who doesn't like getting refunds and money back? The offer of free money often puts one in a visceral state of excitement and greed, and this is precisely what the scammer wants. They want you to get excited enough at the prospect of free money to act straight away.

Who doesn't like a tax refund? Notice this one also has an expiration date, which will further influence you to act in the moment, fearful that you will miss a deadline.
Then there is a link you need to click. It will probably ask for your bank details so they can pay you. They give you 4 weeks so that you don't report anything for a while and they have time to scam you.

TV licence refund anyone - when does that happen? Not even in your wildest dreams. Juicy link to boot - see how it stands out so you have no time to read anything else. 

Those offering free prizes 

Argos doesn't know my postcode - see how it is not specified? Also, you cannot see a link in this one that well, but I guarantee you that the yes and no buttons don't do anything, so you will have to click a link under them, confused that you cannot activate the buttons. Then they will ask you for details to give you the gift card but trust me, you won't be buying anything from Argos's Elizabeth Duke collection.

Here is another one, note again, two nice juicy links, offering a prize package, all you have to do is confirm your details. 

An added time limit makes you act in the moment in case you lose the deal - this is a known scamming and persuasion technique.

Good old malware types 

Luckily, most virus software filters flag these, but note how they targeted me on my university email and made it very relevant - academics are likely to go to conferences. It asks you to note the date and time in the attachments, so in order to check what is going on, you would have to click on it.

Those preying on your fears 

Here are a few examples of phishing emails that will induce panic and fear and make you want to sort out the problem as soon as possible.

Of course you did not initiate this download, so you will frantically click the link saying cancel and support. They mention initiating a download a few times, so you get the message that all you have to do is confirm you did not do it yourself and all will be fine. Note there is another link lower down and that one will probably lead to a legitimate site - scammers are very good at making everything else look exactly so.

You won't have time to notice the weird way this email is composed. Why would your account be limited? All you see is something is wrong and things will get worse in 24 hours if you don't click that button. 

I still see advice such as 'hover over a link' to see if it is legitimate but this is now outdated.  Good scammers can fake everything, the link will give you an appearance of going to a legitimate place. Email will seem fine.  Look at this example - is part of the email for my university and this was faked. Previously when people clicked the attachment thinking it came from the university, the virus infected their address book, sending spam and scams to all their contacts - this time from their email. 

The only reason why you would need to click a link in an email is if you subscribed to something that minute and need to verify your email, or you requested a password change and need to follow a link. Any unsolicited emails with links are probably not good news. Scammers cannot get to your details if you don't click links, but it helps to understand the psychological states the emails are designed to put you in, so that you act against your best interests.
If you are worried about your accounts being compromised, call/log in from another source, never use a link. 
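The pattern described in this post (something to click, plus a refund, prize or fear hook, often with a deadline) can be turned into a simple mail-triage check. The Python below is an added example, not part of the original post; the keyword lists, the 0-3 risk scale and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Lure categories follow the post's headings; the keyword lists are
# constructed for this example and are deliberately short.
LURES = {
    "refund": re.compile(r"\b(refund\w*|rebate|overpaid)\b", re.I),
    "prize": re.compile(r"\b(prize|winner|gift ?card|giveaway|reward)\b", re.I),
    "fear": re.compile(r"\b(suspended|unauthori[sz]ed|did not initiate|"
                       r"account\s+(?:has been\s+|will be\s+|is\s+)?limited)\b", re.I),
    "deadline": re.compile(r"\b(within \d+ (?:hours?|days?|weeks?)|expires?|"
                           r"deadline|immediately)\b", re.I),
}
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw: str) -> dict:
    """Return links, attachments, matched lures and a 0-3 risk level."""
    msg = message_from_string(raw)
    texts, attachments = [msg.get("Subject", "")], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:                      # anything with a filename is clickable
            attachments.append(filename)
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            texts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(texts)
    links = LINK.findall(body)
    lures = sorted(name for name, rx in LURES.items() if rx.search(body))
    emotional = [name for name in lures if name != "deadline"]
    risk = 0
    if links or attachments:              # the one thing every phish needs
        risk = 1 + bool(emotional) + bool(emotional and "deadline" in lures)
    return {"links": links, "attachments": attachments, "lures": lures, "risk": risk}

# --- constructed sample messages (not real emails) ---
TAX_REFUND = """\
From: "Tax Office" <refunds@tax-office.example>
Subject: You are eligible for a tax refund
Content-Type: text/plain; charset="utf-8"

You are eligible to receive a refund of 265.84 GBP.
Claim it before the offer expires: http://refund-claim.example/form
"""
CONFERENCE = """\
From: events@conference.example
Subject: Conference schedule
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please note the date and time in the attachment.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="schedule.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""
NEWSLETTER = """\
From: team@office.example
Subject: Team meeting minutes

Minutes of Tuesday's meeting are pasted below. Next meeting is on the 14th.
"""

if __name__ == "__main__":
    for name, raw in [("refund", TAX_REFUND), ("conference", CONFERENCE), ("minutes", NEWSLETTER)]:
        print(name, triage(raw))
```

The conference message scores only 1 because it carries no emotional hook, which matches the post's point that a relevant-looking attachment still deserves caution even when the wording is calm.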

Add me on Twitter for daily advice and stay scam safe. 

Wednesday, August 3, 2016

Do scams really happen only to 'some' people?

Once upon a time it was a common belief that scams only ensnare gullible and greedy people, and if you were neither, then you were safe. And maybe this was true, but it no longer holds. Let me explain why.

Scams used to cost money to execute many years ago.  A scammer would have to go door to door, make phone calls (and many years ago, phone calls were not cheap), send a fax or set up a venture to defraud.  It would not always pay off for scammers and it would only pay off in cases where they get someone who fits the bill of a 'typical scam victim'.  And there are many traits that may make you more likely to engage with a scam; impulsivity, emotional thinking, greed etc. 
However, since the internet, scammers have been given a unique opportunity to create multiple identities, to call or contact potential victims with almost no cost to themselves and even to program computers to do that for them. Somewhere along the internet brick road, defrauding became easy, affordable and anonymous. This, in turn, encouraged more fraud. When a person is hit with a higher volume of scams, there is a chance that one will pay off - that is just simple maths. The more fraud pays off for scammers, the more they invest in making scams look legitimate, and this leads to more victims.

When something becomes profitable and there is a low risk of prosecution, it will attract intelligent people to it, and this is also true of scams. Scammers are now very aware of human psychology, and they often also know things about you before they target you with scams that are likely to appeal. They invest in appearing legitimate, often manipulating social media and the internet (e.g. good-looking websites, registering a fake company - this is not checked by the government and the scammer only needs a couple of months to defraud many victims). It is often hard to spot a scam these days as people often don't know whom to trust. And scammers, feeling safe from prosecution, go to great lengths to defraud: impersonating governmental websites, faking identity documentation to open bank accounts and so on.

The amount of fraud and the fact that it can be delivered from anywhere in the world makes it extremely challenging for the authorities. It is not always possible to track down the exact person who defrauded you from somewhere else in the world. The resources are just not there. And fraud is so omnipresent now that there are very few people out there who can say they have never been defrauded, either by a fake eBay auction or by having their identity cloned.

The popular thinking, that scams only happen to a small number of people with specific characteristics, no longer applies today and may actually make one less cautious and therefore, more vulnerable to a scam attack.  Never underestimate a scammer, they are businessmen who know their business well.  Fraud is now an organised crime.  And it's here to stay. 

Tuesday, June 7, 2016

A chain is only as strong as its weakest link

Friday, January 8, 2016

Always, always look a gift horse in the mouth

Do you love your giveaways?  Social media are full of them; free iPads, iPhones, free holidays, free first class travel for a year with British Airways, Virgin flights, BMWs and so on.  All you have to do is like a page and share their post.

Harmless enough, right? No. Most of these giveaways are fake pages that need you to proliferate their scam to other people, and once you like them, unless your profile is watertight, they have access to your social media, your likes, dislikes, photos, friends and, if you are particularly naive, your phone number and date of birth.

People love giveaways. We like to think that lucky things do happen, and they do, but this belief is often exploited by scammers. To get you to comply, the rewards are often big (does anyone ask themselves before sharing why British Airways would give away first class travel for a year, likely to cost them hundreds of thousands of pounds?) and/or in line with current desires.

The last hoax giveaway, even though not particularly malicious, was that Mark Zuckerberg, the founder of Facebook, would be giving away free money to people sharing the status about it.

People got excited and shared it, and there is nothing more legitimate than a post saying: 'according to this and that, this is not a hoax'. It adds legitimacy, but does anyone bother checking? This is precisely how scams work. If one sees a post like this (or any post advertising some giveaway) from a friend, the credibility of the friend extends to the message, even if it has been shared thousands of times and was not actually written by the friend in question.

So next time you see shared giveaways, check the page that is sharing it and Google the giveaway (more here).  This is often enough to spot a hoax or a scam.

Monday, November 9, 2015

Saying 'No' can save your life

Do you have difficulty saying no to people?  Especially if they are assertive and forceful?  You are not alone.  I will explain how scammers exploit our inability to say no in more ways than one. 

Some people have difficulty saying a firm 'NO' to people that are forceful, whereas some get rebellious when they encounter those with arrogant or forceful personalities. If you recognise yourself as someone who has difficulty with strong personalities, you may be vulnerable to specific scam techniques, especially when the scam is executed face to face. Scammers look for victims that are going to comply and can often tell within a few seconds of meeting you whether you are likely to be a victim. If you find confrontations uncomfortable and have been known to go along with things that you don't want to do when people assert themselves over you, then you are particularly vulnerable to forceful scam techniques employed by scammers that usually target people door to door. Often we are brought up to be polite, and saying no somehow registers as being rude, especially if we feel that we have wasted someone's time. This is why double glazing salesmen come to your home for a 3 hour demonstration; after 3 hours you are likely to feel guilty you wasted their time, despite the fact you don't owe them anything and it is up to them how long they take demonstrating. Many people have difficulties saying no for this reason. So what can you do about it? First of all, it is good to be aware of individual vulnerability and look for ways of adapting to avoid situations that would lead to compliance with unwanted purchases/deals.

1. Practice saying 'no, thank you'.  It is perfectly OK to say no to people.  If they are selling something and spent time telling you about it, don't feel guilty as this is their job.  You only need to decide if you want what they are selling.   

2. Understand that this will make you vulnerable to similar things forever and think of ways of getting out of situations that force you to feel uncomfortable. One of the people I spoke to that had a similar problem told me that he lies to people in such situations, telling them he has no money at present. You can also say you need someone else to make a decision before going ahead. For example, you can say: 'I want to ask my son/daughter, who is a police detective, for an opinion as I always run all decisions past them.' If the salesman mocks you for wanting to run a decision past someone first, please be aware this is also a persuasion technique and don't give in. Who cares what a random stranger selling you something thinks of you?

3. Another thing you can do is to tell them to come back when someone else is with you.  This is not a no, it is more 'not now'.  Genuine salesmen will respect this and come back another time.  Ask them to make a solid appointment or give you the number to call to make an appointment when you arrange with a friend/family member to be present.  

If you think that only people who have difficulty with pushy scammers are vulnerable, think again. Even if you react to forceful and aggressive people pushing you to do something you don't want to do, you can still be caught out by an inability to say no, but it will be more subliminal.

We tend to comply more when a person before us is affable, likeable or appears to be similar to us. This is how scammers get our trust quickly. In the absence of any solid experience with the person in front of us, our brain will make shortcuts and concentrate on certain features: attire, politeness and so on. We all make judgements on a daily basis and often these judgements need to be quick, therefore they are based on our previous experience. For example, if you dealt with a person of a certain religion, race and so on... and you had a good experience, it is likely that you will assign that good experience to a whole religion or race until you get a different experience. Same with people who seem similar to us in some way. Scammers often impersonate their victims for this reason; they may say they grew up locally, know someone from the country you are from and so on. They may ask you questions about your lifestyle and tell you they feel the same about certain things you tell them. All of this will make you like them more, and the more you like them, the less able you will be to say no when they make a request for a payment. So what can you do in such situations?

1. Understand that saying no to someone who is trying to sell you something is not the same as saying no to someone who helped you many times before and is an established friend.  You don't owe them anything, even if you feel that you do, this is just psychology.  

2. Be extra careful if someone you are dealing with (where large sums of money are involved or where someone asks you for money) seems to be 'your kind of person' or seems to click with you, especially in a short time frame. This is especially true of romance scammers - they will often be great listeners and the more you tell them about what you need/want, the more they will appear to be just what you are looking for. You can lie and say you have no money just now. Or talk it over with friends and family to get a non-biased opinion, but also listen to their opinion. Many people disregard their friends' or family's opinion. As they say... two heads are better than one. It really is true.

3.  A truly nice salesman will always be as friendly the next day or next week.  Make a rule to never do anything in the moment.  Come back tomorrow or arrange another meeting if you really want the product.  Use the time to think about the product/investment away from the person selling it.  When you separate the two, you may realise that you liked the product because you actually liked the person selling it.  

And always, use the time away to check the facts in every possible way before you commit to parting with your money. 

I am currently running a scam vulnerability study. If you have been affected by a scam, please help me by filling a survey. The research aims to develop a measure of vulnerability to fraud.  University of Portsmouth research, ethics committee approved. 


Sunday, October 25, 2015

Why 'limit' a good thing? Limited and one time offers explained

Have you ever found yourself enticed by a limited or one time offer?  This is a persuasion technique that salesmen often use to entice us to buy stuff we really could do with not buying but I will explain how this also works for scammers.

One time or limited time offers are usually discounted and therefore present a 'good deal', but if they didn't have 'limited time' attached to them, we could go about our business and not buy it, the reasoning being that you can always come back tomorrow and buy it, or next week, or next... you get the drift. But once there is a time limit attached to it, it becomes a bit more pressing, as we need to make a decision about buying straight away, or at least in a short time frame. By the mere fact that there is a time limit on it, the thing in question becomes scarce (or at least scarce at that price) and scarcity will entice you further. We are hard-wired to go crazy when we think something is scarce. This is ingrained in us and it is an evolutionary tool that helps survival of the species. In the olden days food was scarce and people ate lots when there was a chance to eat and starved when there was nothing to eat. In the modern age, this is no longer a concern, but the instinct to grab something that is scarce with both hands is still prevalent. And scammers and sleazy salesmen exploit this.

What limited time offers do is put a rush on our decision making. You could go home and think about it, but then you might miss the offer. When we are strapped for time our decision making process suffers because our brain makes shortcuts. Instead of evaluating the deal, the quality of the item, the use, the daily need for it... we focus on the time limit and the good price, sometimes also on the person selling it, to make our decision. The more likeable you find the salesman, the more likely you are to think favourably of the product. This fact is true of any sale, but it is particularly true in situations when you are put in the position where you need to decide on the spot. And they are trained to remind you of all the 'good' things about the product and forget the 'bad'. And let's face it, how many times have you found that a one time offer you went for is back next weekend or next month or is available all the time?

So next time you come across a limited time offer, just remember that this is a technique used to trigger our primal behaviour, which will then override any reasoning regarding the product. Just knowing this may allow you to walk away until you have thought about it. Sometimes even saying to the person who is selling the product: "Let me think about it while I complete my shopping" will be enough for you to detach from the situation and think about it rationally. You can then always come back to it if you still think it is a good idea.

Have you been affected by a scam? I am currently researching what makes us vulnerable to scams. Please help me by filling the survey - CLICK HERE

Saturday, October 3, 2015

How scam safe is social media?

Almost everyone I know has a Facebook account and why not, it is a great way to keep in touch with friends, share ideas, pictures, achievements and so on. But how safe is social media nowadays? People using websites such as Twitter tend to share less personal information than those who frequently use Facebook, and scammers exploit that fact. What many people don't realise is that every bit of information is extremely valuable to scammers. There is a popular belief that scammers are just after your passwords, PIN numbers and bank account details. This is not always so. Scammers now trade personal details, and any personal detail is of value, however small. Marital status, number of children, date of birth, where you work, your likes and dislikes and so on... they are all valuable. Let's explore why: if you randomly get an offer that is nothing to do with what you enjoy or have a weakness towards, it is very likely that you will gloss over it without properly reading it and discard it. But if you get an offer that presents you with something you are passionate about, your attention will be directed towards it and it is more likely that you will feel excited about it. This will, in turn, lead to less information processing. The fact that we are so bombarded by offers through email means that it takes a special offer to get our attention, and scammers now know this and are not afraid to put some work into getting to know you in order to scam you with what you are likely to go for.

Many people think that Facebook is safe as you only share things with your friends and family that you added as friends. This is true to some degree, but you also share your details with pages that you like. I will explore a couple of popular ways that scammers use Facebook to get to your details.

Taking identities of your friends

Have you ever received a request from someone you already have as a friend on Facebook? It is very likely that this is a scammer who has cloned your friend's identity and is now adding their friends in order to have access to their details on Facebook. Always be careful of such requests. Email your friend through the old Facebook account to ask if they added you again and wait for a response, or contact them via other means to ask. Once you add this new account, all your information on Facebook is in the hands of the scammer. Remember, even harmless details are now sold between scammers for profit.

Fake competitions, prize draws, giveaways and raffles

This is something that is incredibly rife on Facebook. Perhaps you have seen your friend sharing a status by a company advertising a giveaway on Facebook, and all you have to do is like the page and share the status to be in with a chance. Whilst some legitimate companies do this type of thing, a large number of prize draws on Facebook asking you to share their page or status are fake. Once you like the page, the page will have your details. Be careful what you like. By sharing the status you are giving your friends a feeling that what you are sharing is legitimate. Scammers often exploit this as they know that a recommendation from a friend is likely to be perceived as credible. So how can you tell if the page is real or fake? First of all, look at the page without liking it. If it is a large company such as Virgin, they are likely to have many followers, not just a few hundred. You can also put the name of the company in the search and see how many results come out and see what other pages with the same name say. Finally, you can search in Google for the giveaway and it is likely that you may discover if it is a scam that way.

The worst possible thing you can do is click 'like' and 'share' on Facebook without thinking or investing a few minutes to cross-reference information. Scammers are then invited to your photos and your details, and these often get used in romance scams or in setting up profiles on Twitter or other sites. Just having access to your photos is valuable to scammers. Often they save whole albums, create fake profiles and scam other users (this is a popular technique in romance scams), and having lots of consistent photographs, especially with family and friends, adds credibility to a fake profile.

Take time to check the information when you next encounter a prize draw or an offer, especially if it is extremely enticing.   You know the old saying... if something looks too good to be true, it usually is.  Often now, even if it doesn't look too good to be true, it could be fake.