A friend in need is a friend indeed: How scammers exploit social norms

We all have had our email hacked at least once. When my email was compromised, my scammer/hacker did little more than spam my friends with adverts for electronic goods with a personalised message from (supposedly) me, saying that I just bought this amazing stereo system and my friends should use the link to do the same, at a reduced price. Knowing me too well (I would never brag about a stereo system like I would do about a Mulberry handbag or a nice scarf), my friends alerted me quickly. I changed the password for that email and that was the end of my advertising. However, some hacking is not so innocent. Scammers can be sophisticated, often combining several persuasion techniques to get you to send them money, and not small amounts either. What can start with a simple password hack can quickly turn into a sophisticated persuasion technique, and I will explain how.


We are all brought up to be nice to others and help our friends and family. Society as a whole is built on those fundamental unspoken rules and this is ingrained in us. We help our friends and family and they help us, when in need. Scammers know this. They also know that, where one would usually be suspicious of an email from a stranger asking for money, one would be less cautious if that email came from a friend.

Humans are social beings. Our lives are built on helping those we care about.

The scam usually consists of an email from your friend (whose email has been compromised), or a person that you know well, telling you they have been stranded on holiday, their possessions stolen and they need some money to get new passports and to get home. Naturally, you are horrified and consider helping. They tell you to wire money to them via Western Union in a particular country to help them get their affairs in order. If you do, the money is lost forever and there is little anyone can do for you. Research found that phishing emails are much more successful when coming from a friend than a stranger, which means that if a scammer invests a bit of time to research things about you before launching a phishing attack, they will be way more successful in attaining funds. Since this is costly to the perpetrator, amounts are usually considerable. This type of scam can be perpetrated via phone, email or social media.

If you ever get an email from a close friend asking for help, if you can, give them a call instead to check the facts first, even when the email tells you they cannot be reached. If you cannot get hold of them, you could respond to the email expressing your concern but also asking a random question such as "How is your son coping?" - when you know that this particular friend doesn't have a son. Chances are that the scammer will not know this and will respond saying that the son is distressed, or something similar. If it is a genuine request by a friend, they won't mind, and you will get a warning sign if it is not a genuine friend of yours. It is also good to let your friend know by some other means that their account has been compromised and urge them to change passwords connected to that email. This also means passwords connected to any social media that they use with the email in question, just to be sure.

Phishing emails are usually obvious but every now and again, they can surprise you. Using the social component of our lives against us makes them that much more convincing. We trust our friends where we would never trust a stranger, which can be turned against us. Trust is good. It’s an integral part of social relationships, allowing us to make bonds with people we care about. But in this day and age, it can also be our downfall. Trust but verify.