What ‘psychological warfare’ tactics do scammers use, and how can you protect yourself?
Mike Johnstone, Edith Cowan University and Georgia Psaroulis, Edith Cowan University
Not a day goes by without a headline about a victim being scammed and losing money. We are constantly warned about new scams and staying safe from cybercriminals. Scamwatch has no shortage of resources, too.
So why are people still getting scammed, and sometimes spectacularly so?
Scammers use sophisticated psychological techniques. They exploit our deepest human vulnerabilities and bypass rational thought to tap into our emotional responses.
This “psychological warfare” coerces victims into making impulsive decisions. Sometimes scammers spread their methods around many potential victims to see who is vulnerable. Other times, criminals focus on a specific person.
Let’s unpack some of these psychological techniques, and how you can defend against them.
1. Random phone calls
Scammers start with small requests to establish a sense of commitment. After agreeing to these minor requests, we are more likely to comply with larger demands, driven by a desire to act consistently.
The call won’t come from a number in your contacts or one you recognise, but the scammer may pretend to be someone you’ve engaged to work on your house, or perhaps one of your children using a friend’s phone to call you.
If it is a scammer, keeping you on the phone for a long time may give them an opportunity to find out things about you or people you know. They can use this information either immediately or at a later date.
2. Creating a sense of urgency
Scammers fabricate scenarios that require immediate action, like claiming a bank account is at risk of closure or an offer is about to expire. This tactic aims to prevent victims from assessing the situation logically or seeking advice, pressuring them into rushed decisions.
The scammer creates an artificial situation in which you are frightened into doing something you wouldn’t ordinarily do. Scam calls alleging to be from the Australian Tax Office (ATO) are a great example. You have a debt to pay (apparently) and things will go badly if you don’t pay right now.
Scammers play on your emotions to provoke reactions that cloud judgement. They may threaten legal trouble to instil fear, promise high investment returns to exploit greed, or share fabricated distressing stories to elicit sympathy and financial assistance.
3. Building rapport with casual talk
Through extended conversation, scammers build a psychological commitment to their scheme. No one gets very far by just demanding your password, but it’s natural to be friendly with people who are friendly towards us.
After staying on the line for long periods of time, the victim also becomes cognitively fatigued. This not only makes the victim more open to suggestions, but also isolates them from friends or family who might recognise and counteract the scam.
4. Help me to help you
In this case, the scammer creates a situation where they help you to solve a real or imaginary problem (that they actually created). They work their “IT magic” and the problem goes away.
Later, they ask you for something you wouldn’t normally do, and you do it because of the “social debt”: they helped you first.
For example, a hacker might attack a corporate network, causing it to slow down. Then they call you, pretending to be from your organisation, perhaps as a recent hire not yet on the company’s contact list. They “help” you by turning off the attack, leaving you suitably grateful.
Perhaps a week later, they call again and ask for sensitive information, such as the CEO’s password. You know company policy is to not divulge it, but the scammer will ask if you remember them (of course you do) and come up with an excuse for why they really need this password.
The balance of the social debt says you will help them.
5. Appealing to authority
By posing as line managers, officials from government agencies, banks, or other authoritative bodies, scammers exploit our natural tendency to obey authority.
Such scams operate at varying levels of sophistication. The simple version: your manager messages you with an urgent request to purchase some gift cards and send through their numbers.
The complex version: your manager calls and asks to urgently transfer a large sum of money to an account you don’t recognise. You do this because it sounds exactly like your manager on the phone – but the scammer is using a voice deepfake. In a recent major case in Hong Kong, such a scam even involved a deepfake video call.
This is deeply challenging because artificial intelligence tools, such as Microsoft’s VALL-E, can create a voice deepfake using just three seconds of sampled audio from a real person.
How can you defend against a scam?
First and foremost, verify identity. Find another way to contact the person to verify who they are. For example, you can call a generic number for the business and ask to be connected.
In the face of rampant voice deepfakes, it can be helpful to agree on a “safe word” with your family members. If they call from an unrecognised number and you don’t hear the safe word, just hang up.
Watch out for pressure tactics. If the conversation is moving too fast, remember that someone else’s problem is not yours to solve. Stop and run the problem past a colleague or family member for a sanity check. A legitimate business will have no problem with you doing this.
Lastly, if you are not sure about even the slightest detail, the simplest thing is to hang up or not respond. If you really owe a tax debt, the ATO will write to you.
Mike Johnstone, Security Researcher, Associate Professor in Resilient Systems, Edith Cowan University and Georgia Psaroulis, Postdoctoral research fellow, Edith Cowan University
This article is republished from The Conversation under a Creative Commons license.