Successful layering

Scams can be extremely sophisticated, yet for many people, a typical scam is a Nigerian prince asking for help to launder money or a desperate, and dare I say naive, scammer that was talked into holding ‘I can’t believe it’s not butter’ sign, hoping this would get them some funds. But the reality is much darker. Good scammers are very good at psychology and often design frauds by layering different fraud techniques, all designed to complement each other for greater success. For example, scams that evoke visceral influence (fear, panic or greed) will usually have time limits attached to them also (e.g. offer expires, you have 24 hours etc.). This is to ensure that the potential victim has no time to regain composure. Under visceral influence, careful deliberation is compromised and we tend to focus on superficial things, like the size of the reward, attractiveness of the offer or even on the scammer, many of whom are polished, charming and will appear trustworthy. Any inconsistencies will be disregarded in favour of these superficial cues, because when one is under the visceral influence, they are likely to focus on goals associated with that influence. This is why you are always told not to go shopping for groceries hungry and it’s equally true of acting on anything when intense fear or excitement has been evoked.

Scams that appeal to social norms, often use altercasting too. Altercasting is another persuasive technique, where a perpetrator will put a victim in a specific role that is congruent with their goals. For example, I have seen advance fee scams that use narratives where either an orphan girl, a widow or even a pastor appeals for help (social norms) and the victim is placed in a role of a friend or a confidante, where a perpetrator will trust the victim with confidential or deeply personal information before asking for funds down the line. By that time the victim has been acting as a friend or an advisor and this role is likely to help facilitate the fraud, because they will be more likely to help.

Screenshot 2019-03-18 at 10.09.25.png


Scammers often layer persuasion techniques for greater impact.

In conjunction with other individual factors, these techniques can be very effective.

 

Other factors also come into play. Different circumstances, for example, have been known to influence compliance in certain scam situations. Or certain individual characteristics, such as lack of vigilance or impulsivity. For example, if you are down on your luck, looking for work and you are running out of money, you will be more likely to take risks and consider financial opportunities that don’t look very sound. You may be more likely to concentrate on potential rewards instead of any negatives associated with high return investments. If you are also more compliant in general, it is even more likely that, when persuaded to do so, you will decide to go along with something you have some reservations about. Of if you are more impulsive, you may act quickly, without allowing the time to think about your decision. All of these factors combine (or layer) to produce a unique vulnerability score.

Many frauds are still relatively simple. Badly constructed phishing email that will bring a smile to your face, for example, but many are far from simple. It all comes down to how good the scammer is and how motivated they are in developing a highly credible looking, psychologically designed frauds that create situations that can be highly persuasive, and how they go about executing them. The more effort they invest, the more lucrative the venture will be, so it’s good to be vigilant and not underestimate what fraudsters are able to do by concentrating only on badly designed scams that are easy to spot.

A friend in need is friend indeed: How scammers exploit social norms

We all have had our email hacked at least once.  When my email was compromised, my scammer/hacker did little more than spam my friends with adverts for electronic goods with a personalised message from (supposedly) me, saying that I just bought this amazing stereo system and my friends should use the link to do the same, at a reduced price.  Knowing me too well (I would never brag about a stereo system like I would do about a Mulberry handbag or a nice scarf), my friends alerted me quickly.  I changed the password for that email and that was the end of my advertising. However, some hacking is not so innocent.  Scammers can be sophisticated, often combining several persuasion techniques to get you to send them money, and not small amounts either. What can start with a simple password hacking can quickly turn into sophisticated persuasion technique and I will explain how. 


We are all brought up to be nice to others and help our friends and family.  Society as a whole is built on those fundamental unspoken rules and this is ingrained in us. We help our friends and family and they help us, when in need. Scammers know this. They also know that, where one would usually be suspicious to get an email from a stranger, asking for money, they would be less cautious if that email came from a friend.

17917187_10154413012650918_4569783566057610658_o.jpg

Humans are social beings. Our lives are built on helping those we care about.

The scam usually consists of an email from your friend (whose email has been compromised), or a person that you know well, telling you they have been stranded on holiday, their possessions stolen and they need some money to get new passports and to get home. Naturally, you are horrified and consider helping. They tell you to wire money to them via Western Union in a particular country to help them get their affairs in order. If you do, money is lost forever and there is little anyone can do for you.  Research found that phishing emails are much more successful when coming from a friend than a stranger, which means that if a scammer invests a bit of time to research things about you before launching a phishing attack, they will be way more successful in attaining funds. Since this is costly to the perpetrator, amounts are usually considerable. This type of scam can be perpetrated via phone, email or social media.

If you ever get an email from a close friend asking for help, if you can, give them a call instead to check the facts first, even when the email tells you they cannot be reached. If you cannot get hold of them, you could respond to the email expressing your concern but also asking a random question such as " how is your son coping?' - when you know that this particular friend doesn't have a son.  Chances are that the scammer will not know this and will respond saying that the son is distressed etc.  Or something similar.  If it is a genuine request by a friend, they won't mind and you will get a warning sign if it is not a genuine friend of yours.  It is also good to let your friend know by some other means that their account has been compromised and urge them to change passwords connected to that email.  This also means passwords connected to any social media that they use with the email in question, just to be sure. 

Phishing emails are usually obvious but every now and again, they can surprise you. Using social component of our lives against us makes them that much more convincing. We trust our friends where we would never trust a stranger, which can be turned against us. Trust is good. It’s an integral part of social relationships, allowing us to make bonds with people we care about. But in this day and age, it can also be our downfall. Trust but verify.

Grooming techniques in fraud

In the olden days when scammers relied on selling you something, an overpriced double glazing or a miracle product, they were usually easily spotted due to their fake smiles, polished suits and a skill, not unlike that of a python, of being able to squeeze every last penny out of you.  They were ruthless, arrogant, forceful, and it was easier to spot the warning signs of being scammed.  We have all heard scary stories about window salesmen who refused to leave your home hours after they have given you a quote for the new windows and you told them you would like them to leave at least 50 times.  But what people don’t realise is that modern scammers have evolved. They are no longer forceful or arrogant and they often address our needs. Hope of a large investment on your pension savings, hope of finding your one true love, hope of a miracle oil that will help your loved one battle cancer when their oncologist has run out of hope or hope of buying a time share apartment that will bring you nothing less but a secure income in old age. Scammers have become slick, smart, calculated, embracing innovation and using psychology to get the victims to comply.  

For example, research into dating scams found that scammers invest hours upon hours of communication with their victims. Sometimes lasting several months and sometimes very intense communication, which helps to cultivate an interpersonal relationship between a victim and a scammer, which is hard to override.  Frequently they send gifts in the beginning too, making the relationship seem genuine and loving, even to victim’s friends and family. The more the victim communicates with the scammer, the easier it becomes for the scammer to get what they want in the end.  And before the blame is placed on the victims being gullible, let me explain how this exchange might work.  

17990471_10154415279710918_5490147654963895127_o.jpg

Fraud victims are often groomed, sometimes for months

As children we were brought up to share, be nice and return favours.  These are simple societal rules that help us nurture relationships we have with others.  When a stranger asks us to give them money out of the blue, we have no problem saying no.  But when a friend asks, especially if they have done us favours in the past, we will feel obliged to help them.  It’s known as reciprocity and it’s ingrained in us. Those that don’t observe this rule are thought of as selfish or uncivilised.  Reciprocity rule is a strong evolutionary tool which helped us survive, form bonds, keep friends… but it is also a powerful tool for a scammer and is a known scam technique. Scammers, and this is especially true of dating scams in which women are victims, often send small presents to their victims, flowers, perfume, small tokens of love. This ensures that somewhere down the line, the victim feels bad about not reciprocating. In dating scams, the usual technique is for scammers to claim to be in different countries as doctors or soldiers. When they eventually ask for money for an operation or the plane ticket or a solicitor or some other worthy cause, the lengthy communication, the attention, the gifts that the victim received will make them feel obliged to help the scammer even if they feel uncomfortable about it. This is because we have been pre programmed to return kindness.

Scammers can groom victims in many ways. For example, some financial scams perpetrated over the phone would use grooming techniques. A scammer would typically call the victim daily and befriend them, even sharing details of their lives (usually mimicking victim’s circumstances, beliefs or likes). This not only fosters trust between a victim and a perpetrator but also makes it difficult for the victim to report the crime once they start to suspect something is wrong, because they feel guilty. This means that the scammer can go on scamming more people in the meantime. Often, scammers will also ask the victim to keep the transaction or a relationship a secret. This also plays into their hands and avoids detection.

It is often difficult to detach yourself once you are involved in a pattern but if you suspect you might be groomed by a scammer, talk to your friends and family about it, ask for help and search online for fraud advice which may make things clearer and make it easier to report fraud.

Nigerian scams are still very much alive

Nigerian or advance fee - 419 scams have been around for decades.  They usually contain a story of a bank official who has spotted an account with funds that are unclaimed and needs someone to help him get the money out of the account without it being in his name. This is somewhat illegal and he needs help of someone who can receive the money in their account and be paid for it.  Sometimes it is a royal person, a distant prince, rich widow unable to leave money to anyone, someone dying of cancer with wealth to give away and so on.   Once the victim replies, they request conversations, befriending the victim and eventually ask for fees to process legal papers.  The victim never sees the money they were promised.  Worse still, sometimes the victim will receive a fake cheque and cash it, wire the money to the person that is asking them to launder money and then find out the cheque was fake after few days, losing funds they sent. 

Sometimes victims are not even after money but simply believe they are helping the person as the stories are often elaborate.  In the past, Nigerian scams were executed via postal means, incurring a cost to the scammer.  With the invention of the fax and the phone, they became more prevalent and the Internet finally allowed them to become almost an everyday occurrence for most people while not costing much to execute.  Research also stipulates that they are now so well known that they are purposely used to identify the most vulnerable victims, whose details are then sold to other scammers too. 

Recently I have been contacted by someone asking me to warn about a scam purporting to be a girl from a refugee camp, but upon reading the email, I realised it was a spin off, a Nigerian type scam with a new twist to fit the current times. Briefly, the story is about a girl who is in a Syrian refugee camp and needs someone to help her get the money that her late and wealthy father deposited in the bank. This is a complex story and I decided to explain why it is complex and how it is written with a view to persuade in the future.  The initial emails asks only that the victim listens to the story but even acknowledging the email might be dangerous if you are uncomfortable saying no. Here is why:


The story starts with an account how the girl lost her mother and father to a violent murder and her consequent life in a refugee camp.  She prays to get out of her situation.  Without explaining what she wants from the victim yet, she asks for trust and not to be betrayed and asks to know more about the potential victim.  This part is likely to elicit empathy towards her situation - who would not feel empathy when someone tells you about their parents' murder.  Asking to know about you is likely to induce feelings of familiarity and closeness, as if you are friends, once you share this information and people help their friends.  She asks for trust and not to be betrayed. You may not think about these words at this point but when the request comes you may feel uncomfortable saying no, because you will feel as if you are betraying her, despite the doubts you might feel. 

persuasive elements in Nigerian type scams

persuasive elements in Nigerian type scams

Second part tells more about her situation in the camp and the pastor who is helping her to email a random person across the globe.  It also gives the pastor's telephone number.  The victim will probably not use it but if they do, it will add credibility to the story. The endearments used are to evoke feelings of closeness, the mention of the secret too - we tell secrets to those we are close to so potential victim might feel privileged they were entrusted with the secret.  She then explains about her father's fund that contains millions, that she cannot access and makes a request.

Scammers often put victims in a position of trust, by making themselves appear vulnerable. This gives the victim a feeling of power but in reality, the scammer holds all the strings.  The girl in this story follows up by reminding you that she requested you to be trustworthy.  Scammers are good at altercasting.
Altercasting, a persuasion technique, is where a person puts the victim in a specific position, often targeting the ego of the person (calling for a man of vision for example) or social norms (understanding and honest people). These types of scams often don’t ask for more than few details and for the recipient to respond to correspondence, which is also a known scam technique. Once invested, it’s harder to back out.

Microsoft research argues that Nigerian type scams are still around and purposely say they are from Nigeria because everyone knows about them. Therefore those that respond and engage with these types of scams are likely to be extremely vulnerable, which means they will, sadly, be a sure thing for a scammer. Their details are harvested and sold to other scammers who will further exploit them. If you have elderly or isolated neighbours, especially if they are not so internet savvy, talk to them about scams. Often knowing something about scams can be enough to protect from becoming a victim.

Do you suffer from a lack of 'NO'

Do you have difficulty saying no to people?  Especially if they are assertive and forceful?  You are not alone.  I will explain how scammers exploit our inability to say no in more ways than one. 

Some people have difficulty saying firm 'NO' to people that are forceful, whereas some get rebellious when they encounter those with arrogant or forceful personalities.  If you recognise yourself as someone who has difficulty with strong personalities, you may be vulnerable to specific scam techniques, especially when the scam is executed face to face.  Scammers look for victims that are going to comply and often can tell within a few seconds of meeting you, whether you are likely to be a victim.  If you find confrontations uncomfortable and have been known to go along with things that you don't want to do when people assert themselves over you, then you are particularly vulnerable to forceful scam techniques employed by scammers that usually target people door to door.  Often we are brought up to be polite and saying no somehow registers as being rude, especially if we feel that we have wasted someone's time.  This is why double glazing salesmen come to your home for 3 hour demonstration; after 3 hours you are likely to feel guilty you wasted their time, despite the fact you don't owe them anything and it is up to them how long they take demonstrating.  Many people have difficulties saying no for this reason.  So what can you do about it?  First of all, it is good to be aware of individual vulnerability and look for ways of adapting to avoid situations that would lead to compliance with unwanted purchases/deals.  


25299705_10155005441605918_146184627938350371_o.jpg

Saying no can feel like being rude or disrespectful.

It’s not.

1. Practice saying 'no, thank you'.  It is perfectly OK to say no to people.  If they are selling something and spent time telling you about it, don't feel guilty as this is their job.  You only need to decide if you want what they are selling.   


2. Understand that this will make you vulnerable to similar things forever and think of ways of getting out of situations that force you to feel uncomfortable.  One of the people I spoke to that had a similar problem told me that he lies to people in such situations, telling them he has no money at present.  You can also say you need someone else to make a decision before going ahead.  If the salesmen mocks you for wanting to run a decision past someone first, please be aware this is also a persuasion technique and don't give in.  Who cares what a random stranger selling you something thinks of you.  


3. Another thing you can do is to tell them to come back when someone else is with you.  This is not a no, it is more 'not now'.  Genuine salesmen will respect this and come back another time.  Ask them to make a solid appointment or give you the number to call to make an appointment when you arrange with a friend/family member to be present.  

If you think that only people who have difficulty with pushy scammers are vulnerable, think again.  Even if you react to forceful and aggressive people pushing you to do something you don't want to do, you can still be caught out by inability to say no, but it will be more subliminal. 

We tend to comply more when a person before us is affable, likeable or appears to be similar to us.  This is how scammers get our trust quickly.  In the absence of any solid experience with the person in front of us, our brain will make short cuts and concentrates on certain features; attire, politeness and so on.  We all make judgements on daily basis and often these judgments need to be quick, therefore they are based on our previous experience.  For example; if you dealt with a person of a certain religion, race and so on and you had good experience, it is likely that you will assign that good experience to a whole religion or race until you get a different experience.  Same with people who seem similar to us in some way.  Scammers often impersonate their victims for this reason; they may say they grew up locally, know someone from the country you are from and so on.  They may ask you questions about your life style and tell you they feel the same about certain things you tell them.  All of this will make you like them more and the more you like them, the less able you will be to say no when they make a request for a payment.  So what can you do in such situations? 


1. Understand that saying no to someone who is trying to sell you something is not the same as saying no to someone who helped you many times before and is an established friend.  You don't owe them anything, even if you feel that you do, this is just psychology.  


2. Be extra careful if someone you are dealing with (where large sums of money are involved or where someone asks you for money) seem to be 'your kind of person' or seems to click with you, especially in a short time frame.  This is especially true of romance scammers - they will often be great listeners and the more you tell them about what you need/want, they more they will appear to be just what you are looking for.  You can lie and say you have no money just now.  Or talk it over with friends and family to get a non biased opinion, but also listen to their opinion.  Many people disregard their friends or family's opinion.  As they say... two heads are better than one.  It really is true. 


3.  A truly nice salesman will always be as friendly the next day or next week.  Make a rule to never do anything in the moment.  Come back tomorrow or arrange another meeting if you really want the product.  Use the time to think about the product/investment away from the person selling it.  When you separate the two, you may realise that you liked the product because you actually liked the person selling it.  


And always, use the time away to check the facts in every possible way before you commit to parting with your money. 

Psychology of phishing

Everyone gets phishing emails. For scammers, it is probably the most cost effective way of scamming people. Sometimes phish emails are relatively harmless, but often they can be extremely harmful and trick you into parting with you personal passwords, log in details and bank information.   I wanted to collect a few to show you the types of phishing emails and psychology behind them, language they use and how the message will make you feel and want to react. 


First of all, the biggest and most important message and one I think every fraud agency should use is that phishing emails will have one fundamental thing in common; something to click, be that a link or an attachment. Clicking anything in an email is bad, even if it came from your friends, as people's email accounts can be easily hacked. What you should look for in that case is whether this is out of character for your friend. If so, don't click it. 


Let's examine the most frequent phishing emails and how they persuade. Most phishing emails are designed to evoke visceral states. Visceral states are sexual arousal, hunger, greed, fear and so on. When we are under visceral influence, we are likely to bypass careful information processing and act without proper thinking - because we are acting on that visceral influence. When you are starving, you are likely to eat stuff you would reject otherwise, when you are scared of something, you will do anything to save yourself from danger, when you are attracted to someone, you will do anything to get them... so let's see the language used by phishing emails. 

Screen Shot 2016-08-24 at 19.19.23.png

Emails offering refunds work by evoking excitement at a prospect of getting money we didn’t expect.

The offer of free money often puts one in a visceral state of excitement and/or greed and this is precisely what the scammer wants. They want you to get excited at the prospect of free money enough to act straight away. Who doesn't like a tax refund.

Notice this one also have an expiration date, which will further influence you to act in the moment, fearful that you will miss a deadline.


Emails offering free prizes are similar to refunds. They evoke excitement.

Free prizes are difficult to resist. They work by compromising careful thinking because emotions take over. But it pays to pay careful attention to warning signs. Keeping the vague will reach a greater number of people. See how postcode is not specified in this one?

Also, this email does not have a typical ‘link’ button. Instead, clicking on yes and no buttons does nothing - so you have to click a link under them, confused that you cannot activate the buttons. Scams offering free prizes often use other scam techniques, such as limiting time to respond, which will also compromise information processing.

Emails offering free prizes

Emails offering free prizes

malware.png

Malware emails tend to work by keeping it relevant

Lucky, most virus software filters flag malware attachments these days but note how they targeted me at my university email and they made it very relevant - academics are likely to go to conferences. The more relevant the email appears, the more likely it is that the scammer will be successful so don’t be surprised to see phishing emails that appear highly believable.

 

Emails that evoke fear

Emails suggesting your account has been suspended, compromised or hacked will induce panic and fear and make you want to sort out the problem as soon as possible. When we are in a state of fear, careful thinking is compromised and therefore, vital clues missed. If you did not initiate this download, you will frantically click the link saying cancel and support. In a state of panic, as this is all you can think about.

Phishing emails that prey on your fears

Phishing emails that prey on your fears

This email mentions initiating a download few times, so you get the message that all you have to do is confirm you did not do it yourself and all will be fine.  There is another link lower down and that one will probably lead to a legitimate site - scammers are very good at making everything else look exactly so. 

I still see advice such as 'hover over a link' to see if it is legitimate but this is now outdated.  Good scammers can fake everything, the link will give you an appearance of going to a legitimate place. Email will seem fine.
The only reason why you would need to click a link in an email is if you subscribed to something that minute and you need to verify email or you requested a password change and you need to follow a link.

Scammers cannot get to your details if you don't click links but it helps to understand psychological states the emails are designed to put you in, so you act against your best interests. 

If you are worried about your accounts being compromised, call/log in from another source, never use a link.  

Any unsolicited emails with links are probably not good news.