Extortion and sextortion - how they evolved to haunt us

Extortion and especially sextortion emails are on the rise so what are they? Extortion emails are emails that use some kind of threat, which are sent to potential victims in order to extort money. Extortion correspondence may focus on different elements, such as exposing the victim’s activities in real life (e.g. cheating on a partner) or online (e.g. visiting porn sites or masturbating) to colleagues, friends and family. Some even threaten to harm or kill the victim, with blackmailers frequently asking for payment in cryptocurrency.

Extortion in cyberspace is not a new concept. As more and more data is stored electronically, potential for cyber extortion increases. In the past, cyber extortion typically affected businesses targeted by criminals using malware, which may disrupt or compromise operating systems, but this is now extending to private individuals. Sextortion is also not a new concept. In the past, victims were usually women and tended to be younger, blackmailed either by their ex partner, whom they met and dated in real life and who was in possession of private or sexual images of them, or a perpetrator they met online, who either obtained the images from the victim or by some other means. Research also shows that this type of crime is not all about the money, sometimes victims are blackmailed into supplying pornographic video of themselves and threats can be real.  However, in recent times, it seems that (s)extortion attacks have evolved, targeting private individuals, who have never had any prior contact with their perpetrator, and asking for payments in bitcoin. The reason for this may be that bitcoin, as virtual money, has little or no legal regulation across different countries, making it a perfect choice for criminal activities.


Fear and shame

The new variants of extortion and sextortion emails frequently mention victim’s visit to porn sites, which was recorded (hacked) by the scammer, but sometimes they are kept purposely vague, referring only to a ‘dirty secret’. This could be a deliberate tactic as keeping the content vague allows the scammer to catch more victims, because vague content will be applicable to greater number of people.
Potential victims are threatened and the threats in such emails can be elaborate. Direct threats, such as telling the victim that the data collected on them will be distributed to friends, family and/or work colleagues and implied threats, which talk about shame a victim might feel if their secret was to be made public.

“I don’t think that playing with yourself is really awful but when all colleagues relatives and friends receive video record of it is definitely terrible news.”

Or in emails that refer to extortion that is not connected to sexual acts, such as those that inform the victim someone has paid to have them harmed and offer to reverse this for a fee, the threats are implied by explaining what the blackmailer does for a living:

“ I have got a personal website that includes all kinds of services which actually I give in dark net. Just about anything from totally wrecking a persons business to physical injury.”

Victims are also reminded about the potential breakdown of an existing relationship, should the ‘secret’ come out.

These threats serve a purpose – to evoke fear. Fear is a visceral influence, or a primal drive, under which careful thinking is compromised.
Fear has two components: physiological (e.g. adrenaline levels rise to prepare us to fight or flight a situation) and emotional. This emotional reaction to fear is usually unique to each person, with some people being more averse to fear while others even enjoy feeling some fear (e.g. watching a scary movie or doing extreme sports). Therefore reaction to this type of fraud will be highly individual and people may not be affected in the same way. For example, fear averse individuals may be more likely to comply with the requests in order to avoid the negative emotional response evoked by such correspondence. Additionally, these types of emails contain elements of shaming, which will further intensify the fear and which may have different cultural or societal meanings to different people. For example, while some people consider visiting porn sites to be shameful and would prefer this to be hidden from their friends and family, others may not think there is anything wrong with it and will therefore feel less fear when threatened with exposure of such behaviour on their part. Scammers also include references to social norms in such correspondence (e.g. ‘your taste is so weird’ or ‘you’re a big pervert’) in order to shame potential victims.

 
24899910_10154989544335918_3123697299230813397_n.jpg

Majority of people

will feel intense fear and shame when they receive such correspondence, which may stop them seeking help and advice

 


Persuasion elements

Additionally to evoking strong emotional response, sextortion emails use several persuasive components in order to encourage immediate compliance. Typically they contain an explanation on how the computer was hacked and the victim’s data collected. To most people who have limited cybersecurity or computer knowledge, these will appear credible. Look at this example:

” The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).  I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time.  Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you. “

I don’t know about you, but I don’t know enough about computers to know if this is possible and I know a lot about fraud. But I do have talented friends who work in cybersecurity, whom I often ask for advice. To most people who don’t have this luxury, this may appear highly credible.

Then there are time limits imposed (“you have 24 hours”), which add urgency. Urgency is a known persuasion technique. The key is to not allow the victim to properly think about it or share the news with someone who may advise them not to comply. Some perpetrators even draw attention to and apologise for the spelling mistakes, offering an explanation for their poor grammar.

”I am apologise for my grammar, I’m from China”

Since many people have come to associate bad spellings in unsolicited emails with scams, this may be a specific new technique to get around this association and make the correspondence appear more credible.

Frequently, such correspondence also includes references that equate scam victimisation to a normal transaction (e.g. ‘it’s confidentiality fee’) and scammers even plead with a victim not to hate them, as they are only doing their job.

“Don’t be mad at me, everyone has their own work.”

Some of the emails also point out that the amount asked for is reasonable and not likely to affect the victim a great deal financially. The amounts asked for vary greatly, from $200 to many thousands. This may make some victims, especially when amounts are kept low, more likely to pay the ransom and less likely to report it as frauds that result in smaller losses are not reported as frequently. Therefore, some scammers purposely keep the amounts low to avoid detection.

Bizarrely, some scammers also adopt a role of a friend or an advisor and offer the victim advice on security.

“I also ask you to regularly update your antivirus in the future. This way you will no longer fall into a similar situation.”

Sometimes they berate the victim like a friend or a parent would.

”It’s a pity that people did not learn to use the Internet safely. There are too many different specifications about safe Internet using - Proxy servers, the newest antivirus base, close that camera... In your opinion it is not necessary”

This is a known scam technique but feels ill placed for this type of fraud, especially as the communication is based on threats rather than exploiting social norms (e.g. where a scammer places a victim in a role of a friend and asks for help, or where a scammer acts as a friend to the victim in order to exploit them). However, I have found out that scammers sell ‘scamming manuals’ on the dark web for thousands of dollars so using this may just be ‘let’s throw everything in there’ approach.


Inducing helplessness

Perhaps the most worrying component of such emails is that they are designed to induce helplessness, or loss of control over the situation. Scammer reminds the potential victim that, although they can report the blackmail to the police, their efforts would be futile because they are located in another country or they are undetectable. Some also concentrate on the fact that investigation is likely to last a long time, therefore the victim will run out of time and be exposed. Therefore, they have little control over their situation apart from paying the ransom.

”At this point you may be thinking 
‘I’ll just go to the cops’, which is why I have used a fake name fake return address and taken steps to ensure this letter cannot be traced back to me.”

“I am an immigrant, so there is no way out to find out my location precisely.”

“You are able to complain to police but I don’t think that they can solve your problem. The Inquisition will last for one year.”

Why is this important? If a potential victim feels helpless, they are more likely to remain passive, accept the situation and agree to the terms of the blackmail. Therefore inducing helplessness may be a deliberate tactic in such correspondence, designed to render the victim silent, discourage reporting and ensure compliance.


Making (s)extortion fraud prevention count

Often fraud prevention advice fails because it doesn’t adequately address the emotional reactions some frauds evoke. (S)extortion emails, when they reach a vulnerable target, evoke visceral influence (panic, fear). Telling someone not to panic in this situation is the same as telling a starving person not to think about food. Rationally it makes sense but not when you are in a highly emotional or visceral state. When one is in a visceral state, they focus on addressing the goals associated with the current state. Persuasive elements such correspondence is likely to use will further impair judgments and influence decision making. Finally, such emails induce helplessness. In this state, potential victim is likely to surrender the fight and this is even more true of people averse to fear. Therefore simple warnings may not be sufficient. So what should be done?

Fraud prevention practitioners should concentrate on explaining persuasive elements in such correspondence instead of issuing authoritarian warnings (e.g. ‘never respond to such emails’ or ‘don’t panic’) as they are more likely to be effective when someone receives such correspondence. For example, research found that when people get explanations about why security advice is important, as opposed to vague warnings, they are more likely to listen to it. Explaining the reasons for emotional responses evoked by such emails and how they impair judgments may reduce impulsive reactions people typically have in such situations. Pointing out the fact that these ‘visceral’ reactions are temporary and scammers use them in conjunction with time limits in order to take advantage of the visceral (i.e. irrational) response, may teach people to be more aware of how their emotions affect them and teach them to wait it out. Finally, explaining how scammers purposely induce helplessness in such correspondence will empower victims to fight and not flight the situation and report or share their experience with others, who may offer knowledge vital for making optimal decisions.



This article is based on thematic analysis of 60 different extortion emails. I will be presenting the results at the 9th Annual Counter Fraud and Forensic Accounting Conference at University of Portsmouth, UK on 6th June. Hope to see you there.


Successful layering

Scams can be extremely sophisticated, yet for many people, a typical scam is a Nigerian prince asking for help to launder money or a desperate, and dare I say naive, scammer that was talked into holding ‘I can’t believe it’s not butter’ sign, hoping this would get them some funds. But the reality is much darker. Good scammers are very good at psychology and often design frauds by layering different fraud techniques, all designed to complement each other for greater success. For example, scams that evoke visceral influence (fear, panic or greed) will usually have time limits attached to them also (e.g. offer expires, you have 24 hours etc.). This is to ensure that the potential victim has no time to regain composure. Under visceral influence, careful deliberation is compromised and we tend to focus on superficial things, like the size of the reward, attractiveness of the offer or even on the scammer, many of whom are polished, charming and will appear trustworthy. Any inconsistencies will be disregarded in favour of these superficial cues, because when one is under the visceral influence, they are likely to focus on goals associated with that influence. This is why you are always told not to go shopping for groceries hungry and it’s equally true of acting on anything when intense fear or excitement has been evoked.

Scams that appeal to social norms, often use altercasting too. Altercasting is another persuasive technique, where a perpetrator will put a victim in a specific role that is congruent with their goals. For example, I have seen advance fee scams that use narratives where either an orphan girl, a widow or even a pastor appeals for help (social norms) and the victim is placed in a role of a friend or a confidante, where a perpetrator will trust the victim with confidential or deeply personal information before asking for funds down the line. By that time the victim has been acting as a friend or an advisor and this role is likely to help facilitate the fraud, because they will be more likely to help.

Screenshot 2019-03-18 at 10.09.25.png


Scammers often layer persuasion techniques for greater impact.

In conjunction with other individual factors, these techniques can be very effective.

 

Other factors also come into play. Different circumstances, for example, have been known to influence compliance in certain scam situations. Or certain individual characteristics, such as lack of vigilance or impulsivity. For example, if you are down on your luck, looking for work and you are running out of money, you will be more likely to take risks and consider financial opportunities that don’t look very sound. You may be more likely to concentrate on potential rewards instead of any negatives associated with high return investments. If you are also more compliant in general, it is even more likely that, when persuaded to do so, you will decide to go along with something you have some reservations about. Of if you are more impulsive, you may act quickly, without allowing the time to think about your decision. All of these factors combine (or layer) to produce a unique vulnerability score.

Many frauds are still relatively simple. Badly constructed phishing email that will bring a smile to your face, for example, but many are far from simple. It all comes down to how good the scammer is and how motivated they are in developing a highly credible looking, psychologically designed frauds that create situations that can be highly persuasive, and how they go about executing them. The more effort they invest, the more lucrative the venture will be, so it’s good to be vigilant and not underestimate what fraudsters are able to do by concentrating only on badly designed scams that are easy to spot.

Good customer service can make your organisation vulnerable to social engineering attack?

Many companies invest a great deal in security systems but very little in training their staff. They feel that having protocols in place means that protocols will always be followed and that this offers robust protection against fraud. This is not true. Humans are extremely vulnerable to social engineering attacks and employees trained to follow protocol are no exception to this. If you don’t believe, please read and watch this.

So what is social engineering in terms of fraud?  It can be defined as a deception to manipulate and coerce individuals into divulging confidential or personal information, which is then used for fraudulent purposes. Not everyone is equally susceptible to social engineering attack. My own research found that some people are more compliant, impulsive or less vigilant and those traits will make them more likely to succumb to fraudulent attacks. Understanding and addressing these vulnerabilities is the key to fraud prevention. Equally, detecting and understanding scam techniques used in social engineering attacks is also extremely important. See this example – induced urgency (baby crying) will encourage customer service agent to rush decisions and likely compromise the company protocol. This is not an employee problem. Everyone is vulnerable to social engineering attacks under certain circumstances. Continuous education and awareness are the keys to tackling this problem.

Just as it is important to understand how your employees can be vulnerable to social engineering attacks, it is also important to understand that any decision or protocol implemented by an organisation may create a loophole or an opportunity for fraudsters to infiltrate the system. Take customer service, for example.

Expecting excellent customer service from your employees is desirable, but can make it easier for fraudsters to compromise your protocols.

Expecting excellent customer service from your employees is desirable, but can make it easier for fraudsters to compromise your protocols.

It has become customary to ask a customers for feedback each time they receive a service or contact customer service for help. This feedback often leads to incentives for employees providing customer service and frequently may also be used to penalise employees that have unsatisfied customers. Reality is that you cannot please all of the people all of the time and customers can sometimes  demand impossible things. But having these ‘feedback systems’ in place can influence how your employees behave when they provide customer service and this can compromise safety of customers and affect your company’s reputation. For example, if a customer is unreasonable and wishes to source some personal information details they forgot or misplaced, would you expect your employees to breach company protocol to make that customer happy? Probably not, right? But if you also have systems in place where your employees are always monitored and encouraged to have impeccable customer satisfaction record, you create anxiety and encourage company protocol to be broken to achieve this. And this makes you an ideal target for any fraudster that wishes to source personal information that will likely be used for fraudulent activities somewhere else.

It is likely that this types of attacks will be happening more and more. They are extremely lucrative to criminals and can often lead to customers’ bank accounts being compromised and funds stolen, therefore a lot of effort goes into designing these attacks. This can leave your organisation open to lawsuits in the future. Don’t assume basic training and protocol is enough to protect your organisation from social engineering. Always seek better preventative measures, keep on top of new fraud techniques and never underestimate what fraudsters are capable of doing.

 

A friend in need is friend indeed: How scammers exploit social norms

We all have had our email hacked at least once.  When my email was compromised, my scammer/hacker did little more than spam my friends with adverts for electronic goods with a personalised message from (supposedly) me, saying that I just bought this amazing stereo system and my friends should use the link to do the same, at a reduced price.  Knowing me too well (I would never brag about a stereo system like I would do about a Mulberry handbag or a nice scarf), my friends alerted me quickly.  I changed the password for that email and that was the end of my advertising. However, some hacking is not so innocent.  Scammers can be sophisticated, often combining several persuasion techniques to get you to send them money, and not small amounts either. What can start with a simple password hacking can quickly turn into sophisticated persuasion technique and I will explain how. 


We are all brought up to be nice to others and help our friends and family.  Society as a whole is built on those fundamental unspoken rules and this is ingrained in us. We help our friends and family and they help us, when in need. Scammers know this. They also know that, where one would usually be suspicious to get an email from a stranger, asking for money, they would be less cautious if that email came from a friend.

17917187_10154413012650918_4569783566057610658_o.jpg

Humans are social beings. Our lives are built on helping those we care about.

The scam usually consists of an email from your friend (whose email has been compromised), or a person that you know well, telling you they have been stranded on holiday, their possessions stolen and they need some money to get new passports and to get home. Naturally, you are horrified and consider helping. They tell you to wire money to them via Western Union in a particular country to help them get their affairs in order. If you do, money is lost forever and there is little anyone can do for you.  Research found that phishing emails are much more successful when coming from a friend than a stranger, which means that if a scammer invests a bit of time to research things about you before launching a phishing attack, they will be way more successful in attaining funds. Since this is costly to the perpetrator, amounts are usually considerable. This type of scam can be perpetrated via phone, email or social media.

If you ever get an email from a close friend asking for help, if you can, give them a call instead to check the facts first, even when the email tells you they cannot be reached. If you cannot get hold of them, you could respond to the email expressing your concern but also asking a random question such as " how is your son coping?' - when you know that this particular friend doesn't have a son.  Chances are that the scammer will not know this and will respond saying that the son is distressed etc.  Or something similar.  If it is a genuine request by a friend, they won't mind and you will get a warning sign if it is not a genuine friend of yours.  It is also good to let your friend know by some other means that their account has been compromised and urge them to change passwords connected to that email.  This also means passwords connected to any social media that they use with the email in question, just to be sure. 

Phishing emails are usually obvious but every now and again, they can surprise you. Using social component of our lives against us makes them that much more convincing. We trust our friends where we would never trust a stranger, which can be turned against us. Trust is good. It’s an integral part of social relationships, allowing us to make bonds with people we care about. But in this day and age, it can also be our downfall. Trust but verify.

'Fake it till you make it' - psychology in fake reviews

Online customer reviews have revolutionised the way we shop. Having instant feedback about a product, service or a customer can help one avoid bad purchases and guide decisions. People are attracted to reviews. However, scammers are too. Why is that?

As human beings, we shape our beliefs and our behaviours by observing others, how they behave and what they believe in. This is known as social proof. Exchanging and sharing experiences, talking about our likes and dislikes, about what makes us happy and what makes us angry. We are social. This is why reviews can be so influential. In real life, this translates to word of mouth, which is harder to fake, but online, creating a fake review is relatively easy.

13575907_10153652269590918_2725800473080399008_o.jpg

We look to others to define our reality.


There are several good guides how to spot fake reviews .There are plenty of reviews online that are shill reviews (or covert advertising), planted by marketing teams to excite people about a particular product. Shill reviews can also be left on social media or forums as this adds credibility and companies may even offer the product free of charge or offer discounts in return for a review, which in some cases, such as on websites that specify whether the reviewer has purchased the product, can add additional credibility to the review.

Many companies that offer a platform on which sellers and buyers come together (e.g. eBay, Amazon, AirBnB) will have problems with fake reviews, but may also have problems with fraudulent activities that exploit the review system to appear legitimate. For example, a fraudulent account that is selling substandard products purporting to be quality or branded products may initiate several verified reviews by pretending to be both, a seller and a buyer. The initial costs associated with that process (such as eBay fees) are irrelevant given the credibility and legitimacy it creates (a product reviewed by satisfied customers will appear legitimate and foster trust). Therefore it is easy to see why some people fake reviews. Fake reviews can also be part of new ‘brushing scams’, where people receive parcels and goods they never ordered so that fake reviews can be generated.


Why is it important to look at fake reviews through psychology?


By understanding motivation behind fake reviews and the persuasive techniques used to create them, we can learn to spot what is real and what is fake.

Slide1.jpeg
 

So what is psychology behind fake reviews?

Fake reviews employ something known as ‘social proof’ or tendency to look at others to define our reality. As stated above, we look to others to see what they do, how they behave and what they believe in and we adjust our behavior accordingly. People will trust things that are backed by other people. What a fake review does is establishes a dialogue with a desired customer, where a person leaving a review is able to persuade someone reading that review that the product they are looking at is just what they need. There are several persuasion techniques that allow this. If a desired audience can be identified, parallels can be drawn with that audience in a review, emphasizing similarities between a reviewer and a potential customer (this is a known scam technique). Then, a reviewer may concentrate on statements that emphasize life changing properties of the product, which are made specifically to evoke positive emotions. fake reviews may even mention risks or a high cost, but these will be minimized quickly by concentrating on the fact that the risk was worth taking. When people see others take risks, they feel more confident in taking the risk themselves.


These techniques and the way they are executed are frequently adapted or modified by scammers, especially when they become well known and predictable, therefore it is imperative to research and evaluate them frequently and adapt fraud prevention measures accordingly.

Are security warnings making us fatigued?

Internet security, software and anti-virus updates - we are all aware of these and many of us frequently ignore them and now there is some research on why that is. People may be experiencing ‘security fatigue’ due to the amount of security warnings out there, and this may be dangerous as it leads to less caution. Having so much security or fraud advice from different sources, can confuse and intimidate users to the point that they ignore all advice. For example, in real life, we have limited time for making decisions. When there is too much information to consider, it’s easier to ignore all information than trying to figure out which security advice should be followed.

17155483_10154294576425918_3362219899975784474_n.jpg

Badly designed security warnings are largely ignored

In a research study by Egelman, Cranor & Hong, participants that willingly gave their details to a fraudulent website created for the experiment, explained they did so because they did not understand the risks and said they frequently ignore security advice. Therefore, warnings barked at people without properly explaining why there is a need to be cautious may not be the best way forward. Having simple advice, concentrating on fraud elements that are mostly stable (e.g. scam techniques or personal vulnerabilities), as well as individual factors (e.g. personality or circumstances that influence fraud compliance) may be a better way in fight against fraud. This is supported by research that looked at how individual differences impact privacy attitudes (Egelman & Peer, 2015).


Designing good security advice is an art. Just as criminals use specific persuasion techniques to influence compliance, security advice that is not compelling will be largely ignored.
For example, research by Modic & Andersen found that security warnings that used concrete (explanation of what malware does to a computer), rather than vague (message saying access is blocked due to security concerns) threats were more effective.  They also found that adding cues to authority (e.g. security team has identified this site is dangerous) to a security message was more effective than social cues (e.g. your friends have already been scammed). This means that people seem to appreciate concrete advice coming from those that they perceive are experts in the field, rather than being inundated by vague or conflicting security advice that can be found in abundance online.

 

There is another aspect to consider and that is a potential for alienating customers. Many companies invest money in fraud prevention measures that reduce revenue lost to fraud but forget about fraud prevention advice for their customers. This is often just an afterthought and I have seen many legitimate emails contain really outdated scam advice within their content. This includes telling customers that they can trust emails that have their name in the content or to pay attention to spelling. Fraud is an organized crime and scammers have realized that a little bit more effort invested in designing phishing content tends to pay big dividends. Often this means that they get some data on the potential victim and can offer personal information as a way of enhancing credibility of the correspondence.

If your customer receives a phishing email bearing your logos, and they remember your outdated phishing advice, which is no longer valid, they may get scammed.

Once this happens they will forever have a negative view of your brand. They will no longer trust you.

Many fraud victims I interviewed told me about lack of trust following victimization. And sometimes this mistrust gets attached to companies whose credentials were misused by scammers. The best you can do for your customers is keep any fraud prevention advice current and relevant.

When a person is defrauded, they suffer great psychological distress. It is not just about the lost funds, it is about deception, about morals. On a rational level, a victim of a phishing attack bearing your company logo will know that you did not cause this but on an emotional level, they will forever associate your brand with not being able to trust you. This is why it’s important to have the best possible fraud prevention advice for your customers, to make it engaging, relevant and personal and to update it frequently.

Miracle cures and clairvoyant scams

In 1800s, a magician and a showman Phineas Taylor Barnum wrote a book called “Humbugs of the world”. By ‘humbugs’ he was referring to old fashioned swindles and scams. Many are still being used today, such as fake lotteries, miracle cures and clairvoyant scams, which just goes to show that scams have always been lucrative. In fact, Barnum was such a great trickster, that one of the cognitive biases (the original Forer effect) was renamed after him.

Picture credit: https://www.pinterest.co.uk/pin/35043703324205786/

Picture credit: https://www.pinterest.co.uk/pin/35043703324205786/

P.T. Barnum was a magician and a showman in the 1800s. He wrote a book about old fashioned scams, many of which are still used today.

The Barnum effect

The Barnum effect refers to the acceptance of vague personality feedback that could apply to anyone, as highly accurate description of one’s personality. Giving vague feedback is often a component of clairvoyant scams, where a victim will be given universally valid description of their personality as proof that a clairvoyant is genuinely able to see things. Description will be accurate because it is vague and it is true of almost everyone. In the original experiment, psychologist named Bertram Forer used sentences he collected from daily horoscopes and gave them to participants as bona fide personality feedback following psychometric tests. All participants received the same feedback. He then asked participants to rate how accurate the feedback is and was surprised to find that participants were rating it as highly accurate. This is how clairvoyants or psychics can make you feel that they know something about you, when in fact, they are providing such vague feedback, which can apply to anyone and not just you.

Miracle cures

I wanted to also explain a bit about scams people don’t often hear about, unless they have a health problem or an issue they feel too embarrassed to talk to their doctor about - scams offering ‘miracle cures’. Miracle cure scams tend to target people who are either desperate because they have tried everything without success (and this often sadly includes terminally ill people) or those that have chronic or embarrassing conditions. Research found that these types of scams often purport to have cures for diabetes, cancer, baldness, obesity, impotence and loss of libido.

Miracle cures often target embarrassing conditions and use fake testimonials.

Fake testimonials provide social proof we, as humans, often seek when making decisions.

Screenshot 2019-01-31 at 09.15.22.png

Some miracle cure scams may have professional or legitimate looking appearance, such as being endorsed by health clinics or doctors, but they are largely ineffective and could also be dangerous. Scams selling cures often use social proof cues, such as fake testimonials. Social proof is a known scam technique and is highly effective.
People define their reality by looking to others, how they behave, what they do and what they believe in and act accordingly. Therefore fake reviews and testimonials can be highly effective, especially when we are desperate to believe in something, such as a miracle cure to an embarrassing problem.

These types of scams affect women more than men and are rarely reported, which is why they are not talked about as much as some other types of scams (e.g. financial or romance). Often, people may not know they have been defrauded when it comes to clairvoyant or miracle cures scams, because the product was received (e.g. vitamins or supposed cures) but purchasing a product that claims to cure a disease when it actually does nothing is also fraud and should always be reported to the authorities.

Grooming techniques in fraud

In the olden days when scammers relied on selling you something, an overpriced double glazing or a miracle product, they were usually easily spotted due to their fake smiles, polished suits and a skill, not unlike that of a python, of being able to squeeze every last penny out of you.  They were ruthless, arrogant, forceful, and it was easier to spot the warning signs of being scammed.  We have all heard scary stories about window salesmen who refused to leave your home hours after they have given you a quote for the new windows and you told them you would like them to leave at least 50 times.  But what people don’t realise is that modern scammers have evolved. They are no longer forceful or arrogant and they often address our needs. Hope of a large investment on your pension savings, hope of finding your one true love, hope of a miracle oil that will help your loved one battle cancer when their oncologist has run out of hope or hope of buying a time share apartment that will bring you nothing less but a secure income in old age. Scammers have become slick, smart, calculated, embracing innovation and using psychology to get the victims to comply.  

For example, research into dating scams found that scammers invest hours upon hours of communication with their victims. Sometimes lasting several months and sometimes very intense communication, which helps to cultivate an interpersonal relationship between a victim and a scammer, which is hard to override.  Frequently they send gifts in the beginning too, making the relationship seem genuine and loving, even to victim’s friends and family. The more the victim communicates with the scammer, the easier it becomes for the scammer to get what they want in the end.  And before the blame is placed on the victims being gullible, let me explain how this exchange might work.  

17990471_10154415279710918_5490147654963895127_o.jpg

Fraud victims are often groomed, sometimes for months

As children we were brought up to share, be nice and return favours.  These are simple societal rules that help us nurture relationships we have with others.  When a stranger asks us to give them money out of the blue, we have no problem saying no.  But when a friend asks, especially if they have done us favours in the past, we will feel obliged to help them.  It’s known as reciprocity and it’s ingrained in us. Those that don’t observe this rule are thought of as selfish or uncivilised.  Reciprocity rule is a strong evolutionary tool which helped us survive, form bonds, keep friends… but it is also a powerful tool for a scammer and is a known scam technique. Scammers, and this is especially true of dating scams in which women are victims, often send small presents to their victims, flowers, perfume, small tokens of love. This ensures that somewhere down the line, the victim feels bad about not reciprocating. In dating scams, the usual technique is for scammers to claim to be in different countries as doctors or soldiers. When they eventually ask for money for an operation or the plane ticket or a solicitor or some other worthy cause, the lengthy communication, the attention, the gifts that the victim received will make them feel obliged to help the scammer even if they feel uncomfortable about it. This is because we have been pre programmed to return kindness.

Scammers can groom victims in many ways. For example, some financial scams perpetrated over the phone would use grooming techniques. A scammer would typically call the victim daily and befriend them, even sharing details of their lives (usually mimicking victim’s circumstances, beliefs or likes). This not only fosters trust between a victim and a perpetrator but also makes it difficult for the victim to report the crime once they start to suspect something is wrong, because they feel guilty. This means that the scammer can go on scamming more people in the meantime. Often, scammers will also ask the victim to keep the transaction or a relationship a secret. This also plays into their hands and avoids detection.

It is often difficult to detach yourself once you are involved in a pattern but if you suspect you might be groomed by a scammer, talk to your friends and family about it, ask for help and search online for fraud advice which may make things clearer and make it easier to report fraud.

Nigerian scams are still very much alive

Nigerian or advance fee - 419 scams have been around for decades.  They usually contain a story of a bank official who has spotted an account with funds that are unclaimed and needs someone to help him get the money out of the account without it being in his name. This is somewhat illegal and he needs help of someone who can receive the money in their account and be paid for it.  Sometimes it is a royal person, a distant prince, rich widow unable to leave money to anyone, someone dying of cancer with wealth to give away and so on.   Once the victim replies, they request conversations, befriending the victim and eventually ask for fees to process legal papers.  The victim never sees the money they were promised.  Worse still, sometimes the victim will receive a fake cheque and cash it, wire the money to the person that is asking them to launder money and then find out the cheque was fake after few days, losing funds they sent. 

Sometimes victims are not even after money but simply believe they are helping the person as the stories are often elaborate.  In the past, Nigerian scams were executed via postal means, incurring a cost to the scammer.  With the invention of the fax and the phone, they became more prevalent and the Internet finally allowed them to become almost an everyday occurrence for most people while not costing much to execute.  Research also stipulates that they are now so well known that they are purposely used to identify the most vulnerable victims, whose details are then sold to other scammers too. 

Recently I have been contacted by someone asking me to warn about a scam purporting to be a girl from a refugee camp, but upon reading the email, I realised it was a spin off, a Nigerian type scam with a new twist to fit the current times. Briefly, the story is about a girl who is in a Syrian refugee camp and needs someone to help her get the money that her late and wealthy father deposited in the bank. This is a complex story and I decided to explain why it is complex and how it is written with a view to persuade in the future.  The initial emails asks only that the victim listens to the story but even acknowledging the email might be dangerous if you are uncomfortable saying no. Here is why:


The story starts with an account how the girl lost her mother and father to a violent murder and her consequent life in a refugee camp.  She prays to get out of her situation.  Without explaining what she wants from the victim yet, she asks for trust and not to be betrayed and asks to know more about the potential victim.  This part is likely to elicit empathy towards her situation - who would not feel empathy when someone tells you about their parents' murder.  Asking to know about you is likely to induce feelings of familiarity and closeness, as if you are friends, once you share this information and people help their friends.  She asks for trust and not to be betrayed. You may not think about these words at this point but when the request comes you may feel uncomfortable saying no, because you will feel as if you are betraying her, despite the doubts you might feel. 

persuasive elements in Nigerian type scams

persuasive elements in Nigerian type scams

Second part tells more about her situation in the camp and the pastor who is helping her to email a random person across the globe.  It also gives the pastor's telephone number.  The victim will probably not use it but if they do, it will add credibility to the story. The endearments used are to evoke feelings of closeness, the mention of the secret too - we tell secrets to those we are close to so potential victim might feel privileged they were entrusted with the secret.  She then explains about her father's fund that contains millions, that she cannot access and makes a request.

Scammers often put victims in a position of trust, by making themselves appear vulnerable. This gives the victim a feeling of power but in reality, the scammer holds all the strings.  The girl in this story follows up by reminding you that she requested you to be trustworthy.  Scammers are good at altercasting.
Altercasting, a persuasion technique, is where a person puts the victim in a specific position, often targeting the ego of the person (calling for a man of vision for example) or social norms (understanding and honest people). These types of scams often don’t ask for more than few details and for the recipient to respond to correspondence, which is also a known scam technique. Once invested, it’s harder to back out.

Microsoft research argues that Nigerian type scams are still around and purposely say they are from Nigeria because everyone knows about them. Therefore those that respond and engage with these types of scams are likely to be extremely vulnerable, which means they will, sadly, be a sure thing for a scammer. Their details are harvested and sold to other scammers who will further exploit them. If you have elderly or isolated neighbours, especially if they are not so internet savvy, talk to them about scams. Often knowing something about scams can be enough to protect from becoming a victim.

Do you suffer from a lack of 'NO'

Do you have difficulty saying no to people?  Especially if they are assertive and forceful?  You are not alone.  I will explain how scammers exploit our inability to say no in more ways than one. 

Some people have difficulty saying firm 'NO' to people that are forceful, whereas some get rebellious when they encounter those with arrogant or forceful personalities.  If you recognise yourself as someone who has difficulty with strong personalities, you may be vulnerable to specific scam techniques, especially when the scam is executed face to face.  Scammers look for victims that are going to comply and often can tell within a few seconds of meeting you, whether you are likely to be a victim.  If you find confrontations uncomfortable and have been known to go along with things that you don't want to do when people assert themselves over you, then you are particularly vulnerable to forceful scam techniques employed by scammers that usually target people door to door.  Often we are brought up to be polite and saying no somehow registers as being rude, especially if we feel that we have wasted someone's time.  This is why double glazing salesmen come to your home for 3 hour demonstration; after 3 hours you are likely to feel guilty you wasted their time, despite the fact you don't owe them anything and it is up to them how long they take demonstrating.  Many people have difficulties saying no for this reason.  So what can you do about it?  First of all, it is good to be aware of individual vulnerability and look for ways of adapting to avoid situations that would lead to compliance with unwanted purchases/deals.  


25299705_10155005441605918_146184627938350371_o.jpg

Saying no can feel like being rude or disrespectful.

It’s not.

1. Practice saying 'no, thank you'.  It is perfectly OK to say no to people.  If they are selling something and spent time telling you about it, don't feel guilty as this is their job.  You only need to decide if you want what they are selling.   


2. Understand that this will make you vulnerable to similar things forever and think of ways of getting out of situations that force you to feel uncomfortable.  One of the people I spoke to that had a similar problem told me that he lies to people in such situations, telling them he has no money at present.  You can also say you need someone else to make a decision before going ahead.  If the salesmen mocks you for wanting to run a decision past someone first, please be aware this is also a persuasion technique and don't give in.  Who cares what a random stranger selling you something thinks of you.  


3. Another thing you can do is to tell them to come back when someone else is with you.  This is not a no, it is more 'not now'.  Genuine salesmen will respect this and come back another time.  Ask them to make a solid appointment or give you the number to call to make an appointment when you arrange with a friend/family member to be present.  

If you think that only people who have difficulty with pushy scammers are vulnerable, think again.  Even if you react to forceful and aggressive people pushing you to do something you don't want to do, you can still be caught out by inability to say no, but it will be more subliminal. 

We tend to comply more when a person before us is affable, likeable or appears to be similar to us.  This is how scammers get our trust quickly.  In the absence of any solid experience with the person in front of us, our brain will make short cuts and concentrates on certain features; attire, politeness and so on.  We all make judgements on daily basis and often these judgments need to be quick, therefore they are based on our previous experience.  For example; if you dealt with a person of a certain religion, race and so on and you had good experience, it is likely that you will assign that good experience to a whole religion or race until you get a different experience.  Same with people who seem similar to us in some way.  Scammers often impersonate their victims for this reason; they may say they grew up locally, know someone from the country you are from and so on.  They may ask you questions about your life style and tell you they feel the same about certain things you tell them.  All of this will make you like them more and the more you like them, the less able you will be to say no when they make a request for a payment.  So what can you do in such situations? 


1. Understand that saying no to someone who is trying to sell you something is not the same as saying no to someone who helped you many times before and is an established friend.  You don't owe them anything, even if you feel that you do, this is just psychology.  


2. Be extra careful if someone you are dealing with (where large sums of money are involved or where someone asks you for money) seem to be 'your kind of person' or seems to click with you, especially in a short time frame.  This is especially true of romance scammers - they will often be great listeners and the more you tell them about what you need/want, they more they will appear to be just what you are looking for.  You can lie and say you have no money just now.  Or talk it over with friends and family to get a non biased opinion, but also listen to their opinion.  Many people disregard their friends or family's opinion.  As they say... two heads are better than one.  It really is true. 


3.  A truly nice salesman will always be as friendly the next day or next week.  Make a rule to never do anything in the moment.  Come back tomorrow or arrange another meeting if you really want the product.  Use the time to think about the product/investment away from the person selling it.  When you separate the two, you may realise that you liked the product because you actually liked the person selling it.  


And always, use the time away to check the facts in every possible way before you commit to parting with your money.