Scammers are highly resourceful and cunning when devising new ways to swindle people. But they often rely on long-standing persuasion techniques for their tricks to work. So, you may hear about a new scam that uses a novel narrative, but there is a good chance that the scam depends on proven scam techniques once the narrative is stripped away.
But first, what constitutes a scam? A scam is when someone deceptively attempts to get money, data, or personal information from you under false pretenses. They do so with methods including social engineering, emails (phishing) and text messages (smishing), often posing as legitimate companies, governmental agencies, or even real people from your life in order to create a false sense of trust.
To Err is Human
These scam techniques often exploit our characteristics and heuristics, the very things that make us human and fallible. A malefactor may use a variety of techniques to pressure people into acting against their own best interests, but each of these techniques will use emotion to cloud the target's judgement.
In this blog post, we will cover some of the following common scam techniques and explain how they work:
Evoking visceral influence
Creating urgency
Exploiting the fear of missing out (FOMO)
Appealing to authority
Faking social proof
Appealing to reciprocity
Leveraging the bandwagon effect
Appealing to emotions of guilt or sympathy
Normalizing risky behavior
Exploiting trust in experts
The Stick and Carrot
Visceral influences such as hunger, thirst, pain, fear, excitement, sexual desire, and greed are primal states that can powerfully guide behavior. People under such influence often focus entirely on addressing the immediate need, which compromises rational thinking. For example, we’re told not to shop for food when hungry because our judgment is clouded.
Scammers exploit this by triggering visceral states, such as fear (a compromised account) or excitement or greed (a free prize). The goal is to provoke an impulsive reaction without logical thought, often overriding caution and advice.
What to watch for: How does the email make you feel? Are you stressed, excited, or anxious?
Act Fast! Before Common Sense Kicks In
Visceral influences are fleeting, which is why scammers combine them with urgency cues. This often involves deadlines like "You have 24 hours to recover your account," or "Only the first 100 people can claim this offer," or more subtle tactics (such as subscription renewal pressure).
Urgency pushes people to act quickly, exploiting the compromised thinking that visceral influence produces. It is often paired with scarcity to pressure decisions further.
What to watch for: Any message stressing time limits or a need to act quickly.
The FOMO is Real
When something is scarce, we tend to value it more and want it even more. Suggesting scarcity is a common persuasion tactic used by scammers to encourage impulsive action, as seen in “one-day offers” or similar limited-time deals. This taps into the fear of missing out (FOMO), leading us to make hasty decisions.
What to watch for: Messages that pressure you to act “before it’s too late,” with countdowns or claims like “Only a few spots left” or “Offer ends today!” These are tactics designed to rush your decision.
Fake It 'Til They Make You Panic
Scammers often impersonate figures of authority such as police, doctors, lawyers, or government officials (the IRS, FBI). We are conditioned from a young age to trust and comply with authority figures, often without questioning their motives. This makes it easier for scammers to lower our defenses, particularly when threats of penalties or legal consequences are involved.
What to watch for: Pressure to comply with authority figures, especially with threats of legal consequences or penalties.
Trust Me, I’m a Customer
We naturally look to others to guide our decisions, and scammers exploit this by faking social proof in the form of reviews, testimonials, and social media accounts. This lowers our skepticism and encourages us to trust their offers. They may also use fake testimonials or phishing emails that appear to come from someone who benefited from a product or service.
Scammers also target groups with common ties, using a trusted individual to influence others within the group, often seen in pyramid schemes.
What to watch for: Suspiciously perfect or overly positive reviews or recommendations from people in your trusted circle.
The Masters of 'You Owe Me'
People tend to feel obligated to return favors, especially when something is given to them first. Bad actors often use this by offering something "free" or a small gift upfront, making the target feel compelled to reciprocate by clicking on a link, giving out personal information, or making a payment.
What to watch for: If you receive an unsolicited gift or offer, be cautious. Fraudsters may use this as a way to manipulate you into taking action, such as clicking on a suspicious link or providing personal information in return.
Jumping on the Bandwagon
Leveraging the bandwagon effect is similar to faking social proof but specifically focuses on the idea that if "everyone else is doing it," it must be the right choice. Scammers use this by implying that many people are already taking advantage of an offer or using a product, creating a sense of peer pressure to join in.
What to watch for: Look out for phrases like “Join thousands of satisfied customers” or “Don’t miss out like everyone else.” Be skeptical if a product or offer seems to have an artificially inflated popularity.
Tugging at Your Heart... And Your Wallet
Cybercrooks sometimes exploit feelings of guilt or sympathy by framing their request in a way that tugs at heartstrings. For example, posing as someone in dire need (a relative in an emergency situation) may prompt people to act out of emotional obligation.
What to watch for: Be wary of unsolicited messages that invoke emotional responses, such as urgent pleas for money or help, especially if they claim someone close to you is in trouble or in need. Always verify these pleas before acting.
A 'Great Deal' Anchored in Deception
Anchoring is a cognitive bias that occurs when people depend too much on the first piece of information they come across (the "anchor") when making decisions. Scammers may set an initial high "anchor price" for a product or service, and when they offer a “discount” on the price, the target feels they’re getting a good deal, even though the real value may be much lower than the discounted price.
What to watch for: If you see a product or service being offered at a "discount," check the original price elsewhere. Scammers will often manipulate the initial price to create the illusion of a great deal. Always compare prices across different trusted sites or stores.
Nothing to See Here… Except Red Flags
Some scammers try to make illegal or risky actions seem normal or acceptable. They might present an unethical decision (such as investment in a high-risk opportunity) as a common or sensible move, decreasing the resistance of the target.
What to watch for: If someone encourages you to take shortcuts, bypass legal or financial protocols, or act against your better judgment, take a step back. They may be trying to normalize behavior that’s actually a scam or fraud.
Certified in B.S.
Similar to appealing to authority, exploiting trust in experts focuses on presenting the scammer as an "expert" in a specific field. The scammer may drop terms or present data that seems highly credible or scientific, tricking the victim into trusting their advice or offer.
What to watch for: If someone uses complex jargon, official-sounding titles, or authoritative references that you don’t fully understand, verify their credentials before trusting their advice or offer. Experts should be transparent and open to questions.
Tools Used by Scammers
As we've discussed above, some of the most common tools scammers use are phishing emails and fake social accounts. Let's take a look at a few of the other tools scammers use and why:
Fake IDs and credentials: Unfortunately, it’s easy for malefactors to get their hands on fake IDs, including basic photo IDs as well as governmental and corporate ID badges. Scammers also use other fake credentials like badge numbers, job titles, and stolen personal data to gain trust.
Call spoofing: Criminals have the ability to make fraudulent phone calls appear as if they're coming from legitimate sources like banks or the IRS. Don’t give away credit card info over the phone unless you made the call, and only use companies' official phone numbers listed online or in mail pieces.
Smishing: Smishing is similar to phishing but takes place over short message service (SMS) text messages. One of the most common smishing schemes is when scammers pose as the postal service, claiming the recipient must click a link in order to receive a mail package.
Internet pop-ups: Pop-ups interrupt your attention, making them highly successful at creating urgency. Pop-up scams include fake security alerts or online shopping coupons that entice the user to quickly click a button or enter personal details before thinking the situation through.
Fake websites: Fake websites can look deceptively legitimate and are usually based on well-known brands. Before you enter your credit card number or personal details into a field, make sure the website is secure. You can do so by looking for "https" in the URL.
AI technology for generating realistic content: Scammers now use advanced AI to create realistic emails, messages, and even entire websites that mimic legitimate sources with high precision. This makes it harder for individuals to distinguish between real and fake communications.
Deepfake videos: Criminals use deepfake technology to create highly realistic videos of individuals, sometimes impersonating well-known figures or even acquaintances, in order to fool people into believing they are being contacted by a trusted source.
Cloned voices: With the advancement of voice cloning technology, scammers can now mimic the voices of loved ones, bosses, or colleagues. This is particularly dangerous in phone scams, where a cloned voice may convince the target to provide sensitive information or money.
Malicious apps: Some scammers distribute fake apps that look like legitimate ones but are designed to steal personal information, track users' activities, or even infect devices with malware. It's critical to only download apps from trusted sources such as official app stores.
SIM swapping: This technique involves fraudsters taking control of someone’s phone number by persuading a mobile carrier to switch the number to a new SIM card. With access to the target’s phone number, scammers can bypass security features like two-factor authentication to access sensitive accounts.
QR code scams: Scammers place QR codes on physical or digital ads, which, when scanned, lead to malicious websites or trigger unwanted downloads. These links can steal personal data or install malware on devices.
These tools have grown more and more sophisticated, drawing on every modern technology in the criminal’s arsenal, which makes it even more important for people and businesses to stay vigilant and cautious in their online activities.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.