By Graeme Zwart, Head of Security
Scams may change but the underlying psychology doesn’t. We present five weapons in the scammer’s armoury, plus some effective countermeasures.
Scammers are smart. They’re also lazy. Why break down the front door, when they can enter a company via a side or back door? Scammers use the simplest, cheapest methods to get the job done. They exploit weaknesses in systems and processes, but mostly in humans because it’s quicker, easier and cheaper to hack a human.
Humans are fallible. They can easily be tricked into giving out an important password. Or making a payment, which they think is legitimate but is actually fraudulent. This can happen at home or at work, as it relies on our fundamental human nature.
Criminals are master manipulators. But manipulation is like a magic trick. Once you know how the trick works, you’re less likely to be blind sided.
Here are five weapons in the scammer’s armoury as well as some countermeasures.
Misdirection
Pickpockets can’t steal your watch if you’re looking at it. They have to misdirect you. They need an excuse to get close enough and divert your attention.
Scammers also use misdirection to get victims to drop their guard and focus on what the scammers want them to without realising it.
For example, scammers may send an e-mail saying that fraud has been detected on your account. Did you make a purchase for €20,000 on office furniture?
Immediately, you’re thinking about the money leaving your account. Not about this e-mail having arrived suddenly from a suspicious e-mail address. Or about the link that you can click to inform the bank that you didn’t make this purchase.
Beware of an appeal that triggers an emotional response. It may be fear, uncertainty or doubt. This could be an attempt to prevent you thinking and acting rationally. Take five minutes to think things through. Discuss it with a colleague for a second opinion.
Opportunity
Everyone loves a good deal. If someone feels they’ve paid a lower price or got a better product than the next person, so much the better. Scammers exploit this.
They may try to dupe victims with great opportunities or headline rates, limited time offers or wholesale prices not available to the general public.
If your focus is on securing this great opportunity for yourself or your business, you can be manipulated. The scammer directs your attention away from the fact it’s an advance fee fraud, procurement fraud or a potential data security trap.
If it sounds too good to be true, perhaps it is. Be sceptical. Approach documents, transactions and deals with a questioning mind. Be wary of unsolicited approaches by phone, text or e-mail.
Time pressure
Scammers like to pressure people into acting quickly. Why? Because they’re more likely to make mistakes or simply not realise that they’re being scammed.
People acting on emotion and gut instinct, rather than information and analysis, are easier to manipulate. So, beware if someone creates a false sense of urgency by claiming limited supply, asking for an immediate commitment or expedited payment.
A good deal is still going to be there in five minutes. So, take a moment to stop and think before you click a link, reply to a text message, call anyone back or part with money or information.
Social compliance
People are generally honest, law-abiding and obedient. That’s why so many scams involve impersonating someone official or in authority, such as the police, tax office or bank.
It’s the same with CEO or bogus boss fraud. No-one wants to disobey or displease the boss, particularly if they say the request is urgent and/or confidential.
A-B-C can be a good countermeasure. The police use it when interviewing suspects. Assume nothing. Believe nothing. Challenge everything.
Social proof
Humans are social creatures. Social conformity is strong in most cultures. We are constantly looking for clues as to how to behave by observing others around us.
Pyramid schemes exploit social norms by targeting specific professional, religious or ethnic groups. Leaders within the group are recruited first. They in turn promote the scheme to others, who don’t want to feel that they’re missing out.
Beware if an approach exploits a professional network, seniority within a company, friendship or trust. Be suspicious if you’re asked to keep the request secret from colleagues, friends or family.
Some scams may involve more than one weapon in the scammer’s armoury. For example, misdirection with an attractive opportunity available for a limited time only, which competitors or colleagues in a different department have already ordered. If anything, this makes scams easier not harder to spot.
Don’t be afraid to reject, refuse or ignore any requests. Only criminals will try to rush or panic you. If you think you’ve been approached or fallen for a scam at work, know how to report this internally.