Scammers are increasingly resourceful when coming up with scam techniques. But they often rely on long-standing persuasion techniques for the scam to work. So, you may hear about a new scam that uses a novel narrative, but there is a good chance that the scam relies on proven scam techniques once the narrative is stripped away.
But first, what constitutes a scam? A scam is when someone deceptively attempts to get money, data, or personal information from you under false pretenses. They do so with methods including emails (phishing) and text messages (smishing), often posing as legitimate companies, governmental agencies, or even real people from your life in order to create a false sense of trust.
These scam techniques often exploit our characteristics and heuristics, or things that make us human and fallible. A scammer may use a variety of techniques to pressure people into acting against their own best interests, but each of these techniques will use emotion to cloud the target's judgement. In this blog post, I will cover some of the following common scam techniques and explain how they work:
- Evoking visceral influence
- Creating urgency
- Suggesting scarcity
- Appealing to authority
- Faking social proof
Evoking visceral influence
Visceral influences such as hunger, thirst, pain, fear, excitement, sexual desire, greed, etc., are our primal states. They can be extremely powerful when evoked, as people will orientate all their attention to addressing the needs of that state. For example, have you ever heard that you should not go shopping for food when you're hungry? This is good advice; when we are under a visceral influence, our rational thinking is compromised.
Scammers love evoking a visceral influence in phishing correspondence. Examples include free prizes (excitement and greed) or a compromised account (fear). The key is to entice the potential victim to act quickly and impulsively without reasoning. Being in a visceral state also helps people to forget rational advice that they might be inclined to follow otherwise.
What to watch for
How the email makes you feel? Is it stressing you out, or are you excited at the prospect being offered?
Creating Urgency
Visceral influence is fleeting. It comes quickly and wanes quickly. This is why scammers frequently pair evoking a visceral influence with urgency cues.
Urgency is typically evoked by mentioning deadlines such as ‘You have 24 hours to recover your account’ or ‘Hurry, as only the first 100 people can claim this offer.’ But it can also be more subliminal such as in the example below. Here, the scammer has orchestrated a situation that will likely put pressure on the potential victim to act quickly (i.e., renewing a subscription unless it is turned off).
Urgency is often evoked in scams to persuade people to act quickly. That's especially true when under a visceral influence, which compromises careful thinking. It is often paired with other scam techniques, such as scarcity.
What to watch for
Any indication of limited time in the correspondence that indicates you need to act quickly.
Suggesting Scarcity
When something is hard to get, we want it more. We also tend to place greater value on it, as difficulty obtaining it will skew the perception of quality. As such, we are more willing to do stupid things to get it, something that scammers know very well. Scarcity is evoked by limiting offers such as a ‘one-day offer.’ This encourages instant decisions so we can avoid missing out on a great opportunity. Scarcity is a known persuasion technique that's often used in sales.
What to watch for
An indication that the offer is a one-time deal or somehow unique and that you will be missing out if you don’t act on it.
Appealing to Authority
First is that, from an early age, we are brought up to respect and obey authority figures. Therefore, any requests coming from people in a position of authority will likely result in less resistance.
Second, we have also been brought up to trust people in certain professions because these people inspire trust and confidence. We typically trust that lawyers, doctors, and even religious figures such as ministers have our best interests at heart. This means that we may not question their motives as we would the motives of other people. Some people are also more easily influenced by authority figures, which would make them even more vulnerable to authority cues.
What to watch for
Pressure to comply with requests from authority sources, especially if there is a threat that non-compliance would lead to arrest or penalties.
Faking Social proof
Our world and our behaviors are shaped by looking at others, seeing what they do, and evaluating how they behave. This can be exploited by scammers who may fake testimonials, recommendations, and reviews online. Social proof lowers our risk perceptions. We become more open to trying things and products from which other people have benefited. Purchasing items that come with good reviews or testimonials or purchasing from companies that have been recommended gives us confidence in that purchase.
Scammers exploit social influence in a couple of ways. These include faking testimonials and reviews or even going as far as creating fake social media accounts to do so. There's also targeting individuals with phishing emails pretending to come from people who have benefited from a particular product or service.
Another way of exploiting social proof is targeting groups of people who have something in common such as people who work or socialize together. In such situations, a scammer typically persuades one person in that group to go along with a purchase or an investment, as others in the group end up doing the same upon seeing a member of a trusted group recommending the investment. This is how pyramid schemes often work.
What to watch for
Testimonials and recommendations are provided by the offer itself. These include any extremely positive reviews, especially if they are not detailed, as well as testimonials that appear in seemingly unrelated places such as social media pages.
Tools Used by Scammers
As we've discussed above, some of the most common tools scammers use are phishing emails and fake social accounts. Let's take a look at a few of the other tools scammers use and why:
- Fake IDs and credentials: Unfortunately, fake IDs are easy for scammers to obtain. This includes basic photo IDs as well as governmental and corporate ID badges. Scammers also use other fake credentials like badge numbers, job titles, and stolen personal data to gain trust.
- Call spoofing: Criminals have the ability to make fraudulent phone calls appear as if they're coming from legitimate sources like banks or the IRS. Don't give away credit card info over the phone unless you made the call and only use companies' official phone numbers listed online or on mail pieces.
- Smishing: Smishing is similar to phishing but takes place over short message service (SMS) text messages. One of the most common smishing schemes is when scammers pose as the postal service claiming the recipient must click a link in order to receive a mail package.
- Internet pop-ups: Pop-ups interrupt your attention, making them highly successful at creating urgency. Pop-up scams include fake security alerts or online shopping coupons that entice the user to quickly click a button or enter personal details before thinking the situation through.
- Fake websites: Fake websites can look deceptively legitimate and are usually based on well-known brands. Before you enter your credit card number or personal details into a field, make sure the website is secure. You can do so by looking for "https" in the URL.
Further Reading
Protecting a New Vulnerable Population on the Internet
Protecting the New Most Vulnerable Population – The Grandparent Scam
More from Martina Dove
Phishing Attacks Often Target Small Businesses – Here’s What to Watch for
How Social Norms Can Be Exploited by Scammers on Social Media
Data Breaches: A Chance for Opportunistic Scammers & What You Should Watch for
Sextortion Scams – How They Persuade and What to Watch for
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
