We all like to think we’re immune to scams. We scoff at emails from an unknown sender offering us £2 million in exchange for our bank details. But the game has changed and scammers have developed new and chilling tactics. They are taking a personal approach and searching the internet for every detail they can find about us.
Scammers are getting so good at this that even cybersecurity experts are falling for it.
One of us (Oliver Buckley) remembers that in 2018 he received an email from the vice chancellor of his university.
That’s it, I thought. I’m finally getting recognition from the people at the top. Although something was not right. Why was the pro-vice chancellor using his Gmail address? I asked how he could find me. He needed me to buy £800 worth of iTunes gift cards for him, and all I had to do was scratch off the back and send him the code. Not wanting to let him down, I offered to go to his father’s office and lend him the £5 note I had in my wallet. But I never heard from him again.
The infamous “Prince of Nigeria” emails are going out of style. Instead, scammers are scouring social networks, especially business-related ones like LinkedIn, to target people with personalized messages. The strength of a relationship between two people can be gauged by inspecting their posts and comments to each other. In the first quarter of 2022, LinkedIn accounted for 52% of all phishing scams globally.
Human tendencies
Psychologists who research obedience to authority know that we are more likely to respond to requests from people higher up in our social and professional hierarchies. And scammers know it too.
Fraudsters don’t need to spend a lot of time researching corporate structures. “I’m at the conference and my phone lost credit. Can you ask xxx to send me the xxx report?” runs a typical scam message.
Google Safe Browsing data shows that there are now almost 75 times more phishing sites than malware sites on the internet. Nearly 20% of all employees are likely to click on phishing email links, and of those, a staggering 68% enter their credentials on a phishing website.
Globally, spam email fraud costs businesses almost US$20 billion (£17 billion) each year. Research from business consultant and tax auditor BDO found that six in ten mid-sized businesses in the UK were victims of fraud in 2020, suffering an average loss of £245,000.
Targets are typically chosen based on their rank, age, or social status. Sometimes spam is part of a coordinated cyberattack against a specific organization, so targets are selected if they work for or have connections with this organization.
Scammers are using spam bots to interact with victims who respond to the initial hook email. The bot uses recent information from LinkedIn and other social media platforms to gain the victim’s trust and entice them to provide valuable information or transfer money. This started in the last two or three years with the addition of chatbots to websites to increase customer interactions. Recent examples include the Royal Mail chatbot scam, DHL Express, and Facebook Messenger. Unfortunately for the public, many companies offer free and paid services to build a chatbot.
Scammers now have more technical solutions to hide their identities, such as the use of anonymous communication channels or fake IP addresses.
Social media makes it easy for scammers to craft credible emails, a technique called spear phishing. The data we share every day gives scammers clues about our lives that they can use against us. It could be something as simple as a place you recently visited or a website you use. Unlike general phishing (lots of spam emails), this nuanced approach exploits our tendency to place importance on information that has some connection to us. When we go through our entire inbox, we often select something that catches our eye. This is known in psychology as illusory correlation: seeing things as related when they are not.
How to protect yourself
Even if you’re tempted to lure scammers by email, don’t. Even confirming that your email address is in use can make you a target for future scams. There is also a more human element to these scams compared to the blanket bombing approach that scammers have favored for the past two decades. It is eerily intimate.
An easy way to avoid being scammed is to double-check sender details and email headers. Think about what information might be available about you, not just what you receive and from whom. If you have another way to contact that person, do so.
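The sender check described above, sketched in Python as an added example (it is not part of the original article). The organisation domain, the staff name, the webmail list and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "university.example"   # assumption: your organisation's mail domain
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # short illustrative list
SENIOR_NAMES = {"pat example"}      # constructed: senior staff names, lowercase

# Constructed sample: a senior colleague's name on a free webmail address.
SAMPLE = """\
From: Pat Example <pat.example.pvc@gmail.com>
Reply-To: pat.example.pvc@gmail.com
To: staff.member@university.example
Subject: Quick favour

Are you available? I need you to buy some gift cards for me.
"""

def domain_of(header_value):
    """Return the lowercase domain of the address in a header value."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def sender_warnings(raw_message):
    """List reasons to verify the sender through another channel."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    warnings = []
    # The display name is free text chosen by the sender; the address is
    # what has to match the organisation.
    if any(n in display.lower() for n in SENIOR_NAMES) and from_dom != ORG_DOMAIN:
        warnings.append("senior colleague's name on an external address")
    if from_dom in FREE_MAIL:
        warnings.append("sent from a free webmail domain")
    # A Reply-To on another domain diverts your answer away from the sender.
    if reply_dom and reply_dom != from_dom:
        warnings.append("replies go to a different domain than the sender")
    return warnings

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print("CHECK:", warning)
```

An empty result does not prove a message is genuine, since the From header itself can be forged; it only means these particular mismatches are absent.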
We all need to be careful with our data. The general rule of thumb is that if you don’t want someone to know, then don’t put it online.
The more advanced technology becomes, the easier it is to take a human approach. Video calling technology and messaging apps bring you closer to your friends and family. But it is also giving people who would hurt us a window into our lives. So we have to use our human defenses: gut instinct. If something doesn’t feel right, pay attention.