With scams everywhere and on the increase, the main ones can be explored through the lens of the human nature involved. Whilst these scams are most often carried out using cyber means, it’s the human elements that remain the key to whether they succeed or fail.
Scammers are unlikely to be pious or religious types, and so are likely unconcerned to learn that they may well be breaching 7 of the 10 Commandments. These are: 1) they worship money and no god, 2) they make idols, from crime, 3) they steal again and again, 4) they bear false witness against their neighbours, by their deception, 5) they covet other people’s goods, 6) they do not honour their fathers or mothers, & 7) they operate 24/7 with no break for the sabbath!
Clearly no fans of the Christian church, scammers nevertheless understand, probably innately, what Pope Gregory I warned against in the 6th Century when he talked of the 7 deadly sins and the 7 virtues: by indulging and manipulating more of the former and hoping for less of the latter, their 7 dangerous cyber scams will succeed.
The 7 dangerous cyber scams that work best and proliferate globally come in different shapes and sizes with local flavours, but can be described consistently, with the top 4 generating the most in scam losses in the private sector in the US (over 75%) and in the UK (over 80%), with another 3 accounting for much of the rest.
These Top 7 dangerous cyber scams are:
- Investment scams
- Romance Scams
- Business E-Mail Compromise or Invoice Redirect Scams
- Impersonation Scams
- Advance Fee Scams
- Pay for Goods no Delivery or Delivery no Payment Scams
- Hybrid Scams, such as:
  - CEO Scams
  - Charity Scams
  - Pig Butchering Scams
The 7 deadly sins are also known as the 7 cardinal or capital sins and are recognised as vices that can lead to other sins. These are: 1) Vain glory or Pride, 2) Greed or Covetousness, 3) Lust, 4) Envy, 5) Gluttony, 6) Wrath or Anger and 7) Sloth or lack of work. The antidotes to these are apparently the 7 virtues of 1) Humility, 2) Charity, 3) Chastity, 4) Gratitude, 5) Temperance, 6) Patience, and 7) Diligence.
An updated list of the “7 Deadly Sins” for the online world might well suggest the following “Vices”: 1) “Greed” or a love of more money, 2) “FOMO” or fear of missing out, 3) “Lust” or “Love”, 4) “Loneliness”, 5) “Fear”, 6) “Complacency” & 7) “Naivety” and/or “Ignorance”.
An updated list for the “7 Virtues” needed to survive in the modern online world might be 1) Moderation, 2) Scepticism, 3) Friendships, 4) Challenge, 5) Vigilance, 6) Patience & 7) Diligence.
Scammers rely on human frailties, indulge them and manipulate them in different ways, to persuade targets to do things they soon wish they hadn’t. The more of these vices people have and the less of the virtues they display, the more likely they will be to become a victim of a scam. We all have human frailties and make mistakes, but understanding our own weaknesses, and developing strategies to counter them may protect us from ending up as yet another scam victim, or at least learning and not falling victim again.
Let’s take a look at the 7 dangerous cyber scams through the lens of the 7 cyber sins and the 7 online virtues as to how these are involved and might be relevant.
1) Investment Scams: The main characteristics of investment scams are all too often too-good-to-be-true returns with low risks, usually with quick and pressurised time frames, perhaps limited time offers, in which to make a decision. Increasingly, investment scams involve cryptocurrencies, which have largely been operating outside of accepted norms and without the usual protections. Amounts invested are often very large and therefore very profitable for scammers. The typical profile for victims (in the USA) is middle aged (30-49) professional home owners with capital to invest, and this is unlikely to be their first investment. Often a small amount is solicited to be invested, which may see an initial apparent return, and then a larger sum is encouraged. Many of the organised scams operate through so-called boiler rooms, with scripted conversations and tried and tested techniques adopted.
The obvious vices at play here are a combination of “Greed”, “FOMO”, “Naivety” or “Ignorance”, which is why high returns, low risks, limited offers and can’t-lose sales claims are used to feed into these vices. Many virtues would help to protect potential victims, including “Scepticism”, “Challenge”, “Patience” & “Diligence”. For example, if the offer was such a sure thing, why is the scammer offering it to a complete stranger? “Scepticism” should therefore be a natural reaction. Making a “Challenge” by asking the scammer questions also usually elicits a complete avoidance of the question asked, as the scammer tries to stick to their script. This raises red flags and should be followed up with more questions. Avoiding pressure sales techniques requires “Patience”, and as sales of investments should usually be from regulated parties, “Diligence” means investigating who is making the offer.
2) Romance Scams: The main characteristics of romance scams involve a two-step process. The first step is to establish an emotional bond with the potential victim by deception, through the prospect of future genuine sex or love, or simply of offsetting loneliness. This is often a too-good-to-be-true love and/or relationship, which has usually been initiated online by the scammer and from a distance. The connection is developed over time, until the target buys into the relationship and wants more. This is when the second step of the scam is initiated. The scammer will introduce a reason for the target to pay the scammer, perhaps medical bills or another emergency. Once a payment is made, the scammer will continue to seek funds until the victim has run out of money or the scam is uncovered. Interestingly, romance scams are the type that tends to involve more payments than any other (for example 8 payments) before the victim realises and/or is persuaded the relationship is not real and he or she has been scammed. Most victims (US) are male and in the over 60 age group, followed by age 50 – 59’s.
The obvious vices involved here are “Lust” or “Love” or “Loneliness”. Whilst one of the original virtues, “Chastity”, may have helped avoid this type of scam, it’s unlikely to play a role in the modern world. More relevant virtues today would be “Scepticism”, “Friendships” & “Diligence”. “Lust”, “Love” and/or “Loneliness” can generate powerful emotions, relationships can often be private, and individuals want to believe a blossoming connection is genuine, so doubts may be ignored. These emotions are unlikely to be present at the start, when the connection is made, so applying “Scepticism” at the start should be a useful tool to identify whether this could be a scam. Exercising “Diligence” by making video calls and by confirming people are who they say they are through checking Facebook or other social media would go a long way to establishing whether someone is genuine. Another virtue is confiding in “Friendships”, who may tell you things you don’t want to hear because they have your best interests at heart, and who may be able to help you get past your pride. “Patience” may not be as relevant, as romance scams often go slowly and build up over time.
Another variation of the romance scam is Sextortion, where threats are made to reveal compromising data, including nude photos or other compromising images, unless payments are made. Here “Lust” is almost always involved, but so is “Fear”, and the scam is often but not exclusively targeted at younger generations, both boys and girls. Perhaps “Moderation” is a defence, but this may be asking too much of too many in today’s world.
3) Business E-Mail Compromise or Invoice Redirect Scams: These involve scammers turning legitimate payments destined for genuine third parties into payments that land instead in accounts the scammers control. The scammers have become aware of how payments work, often for a company making a payment to a supplier but also for individuals, for example in connection with a real estate purchase. By acquiring access to, for example, the e-mails of some of those involved, they can skilfully replace details of the intended payment recipient with bogus details which redirect funds to accounts they control.
The scammers in these cases have gained access to privileged and confidential information and are waiting to strike when the time is right. Preventing access to privileged and confidential information is possible through online hygiene, by avoiding unknown e-mails and not clicking on unfamiliar links. Once access has been granted surreptitiously, identifying the switch in payment details is the next challenge.
A relevant and important vice here might be “Naivety” or “Ignorance”, if employees are not aware or trained, or it could be “Complacency”, with employees letting down their guard on unsolicited e-mails or phishing attempts, or the organisation failing to implement rigorous testing and IT security protocols. Mitigating virtues include in particular “Vigilance” to avoid phishing and other attacks, and “Diligence” in checking an invoice and payment details very carefully before processing.
4) Impersonation Scams: Scammers will impersonate third parties, often holding positions of authority, for example, government officials from the Tax Office, or from the Police or the Courts, or from a Utility company and seek to intimidate and pressurise targets into making immediate payments to avoid serious consequences, like arrests or having services immediately cut off. Unpaid taxes or court judgements or unpaid utility bills that are fake are often used in this kind of scam.
Another common impersonation scam is where the scammer pretends to be from the target’s bank, claiming for example that a fraud has been carried out on the target’s account and monies need to be moved urgently to avoid further fraudulent activity. Of course the new destination for the monies is an account the scammers control. Scammers can change their caller ID or e-mail address, or label their text message with a company name, to make it appear genuine.
A particular variation is the Tech Support Scam, where scammers contact targets and pretend to be representatives of a Tech Company, claiming they have found a fault with your device but can help. At best the scammers try to get targets to pay for fixing non-existent problems, and at worst they want to gain remote access into your device and install malware, ransomware, or other programs that can steal information or damage data or the device itself.
Another impersonation scam type is the “Ore Ore Sagi” or “It’s Me” scam, which is common, particularly in Japan. A scammer will call, usually an elder, starting the conversation with this line and intending to get the elder to guess which of their relatives it could be. If the elder, hearing a younger voice, says a name, the scammer confirms it and uses that identity to solicit money for some fake emergency. The scam is particularly successful with far-flung relatives and/or friends, as they can be more easily fooled. In a more sophisticated version the scammer actually has details of the relatives, carries out the deception using them, and is therefore able to convince the target to send money for the emergency.
With an impersonation scam, the scammer preys on the “Fear” of the victim that something bad will happen unless they respond quickly. The victim may also be “Naive” or “Ignorant” of these kinds of scams and may be genuinely shocked and consider it a genuine encounter. To prevent any attempt from succeeding, the target will need virtues such as “Challenge”, by getting a full explanation of why a payment is due and why this is now an emergency. The target shouldn’t be taken in by the use of authority or professional type figures. These agencies would never act in this way, and so “Scepticism” is also important. Last but not least come “Patience”, to take time to evaluate the situation and avoid being pressurised and rushed into making a poor choice, and “Diligence”, to consider a call back to verify the identity of the caller with independently sourced contact details.
That brings us on to other scams that are less common but still prevalent and that generate significant amounts of financial crime proceeds and losses to victims. For example:
5) Advance Fee Fraud: These scams are among the oldest and target pure “Greed”, with incredible returns offered, usually a lost treasure or a huge amount that can be shared if only a small payment can be made to help facilitate the unlocking of these funds. They are usually mass mailed with everyone targeted, and the success rates are very small, but enough still hit their target and elicit a response, which is then turned into victim losses. They used to be called 419 scams, named after the section in the Nigerian Penal Code that criminalised this activity, which started in Nigeria using letters and faxes before maturing and proliferating at scale in the digital age. Whilst “Greed” is the main motivating factor attracting victims to respond to these outlandish and almost unbelievable offers, there are still plenty of people that fall for these scams for the first time despite their long history. Therefore “Naivety” or “Ignorance” still plays a part. In response, virtues such as “Diligence” are the best defence. A cursory internet search, or a discussion with a “Friend”, would highlight the likelihood that this proposal is almost certainly an attempted scam.
6) Pay for Goods no Delivery or Delivery no Payment Scams: In this scam a buyer pays for goods or services they find online, but those goods or services are never delivered. Conversely, a non-payment scam involves goods or services being shipped, but the seller is never paid. Favourite genres for scammers are “Holiday Scams” or “Branded Product Scams”, all with glossy adverts, fake websites, online contact forms, phone numbers and e-mail addresses.
This scam often relies on a too-good-to-be-true offering, with the dream holiday or branded goods priced much lower than would be the case with legitimate offerings, which entices the target, so “Greed” or “Naivety” may be factors the scammers rely on. In order to avoid falling for this scam, “Scepticism” & “Diligence” are likely to be the most important traits and virtues. This means checking details, especially for vendors you have not used before: for example, checking whether a website is actually a copy of a legitimate website by finding the legitimate website independently and comparing the two, or by checking the actual web address and not the one arrived at by a link. Potential victims of this kind of fraud or scam are more likely to be those individuals that spend a long time online, are attracted to offers through social media, and have little time or inclination to carry out any due diligence. An element of “Sloth” here is a likely factor in a scam being successful. Promiscuous online shoppers beware.
7) Hybrid Scams: These scams are variations of the most popular scam types which combine elements of more than 1 of these. These include:
7.1) CEO Scams: This is a variation of both “Impersonation Scams” and “Business E-Mail Compromise Scams”, and is sometimes called “Whale Phishing”. Scammers impersonate someone senior at a company by compromising legitimate business e-mail accounts (e.g. by phishing mails, including specifically targeted and tailored e-mails (spear phishing) and links). If successful, they then send e-mails, for example from the CEO’s account, to other departments in the company, in particular to finance, instructing them to make payments to fake suppliers or to escrow accounts, such as lawyers’ accounts overseas, in connection with a highly confidential transaction. To execute the scam, the CEO needs to be difficult to contact to verify these instructions, allowing the scammers to use e-mail alone to persuade and pressurise those internally with authority to process payments.
As with BEC scams, there is little evidence of vice being involved, though scammers can use “Wrath” or “Anger” through follow-up e-mails if employees don’t follow the instructions because they are unusual and question the CEO about them instead of making the payment. Still, again it would be better to focus on the lack of virtue leading to losses, which can be countered by “Scepticism”, “Vigilance” and “Diligence” as the best defence to this kind of fraud or scam. The requested payment is very likely to be unusual, and it’s probably unusual for the payment details to be provided by someone like the CEO out of the blue when the CEO is difficult to contact, for example at a speaking engagement or a client event for a lengthy period.
7.2) Charity Scams: In this scam a fake charity will solicit donations, perhaps following a disaster such as an earthquake or other natural disaster, preying this time actually on a virtue of potential victims, being their “Charity” and desire to help alleviate suffering. Once more “Diligence” is the answer to this challenge, by checking the provenance of a charity that has been recently established or that you haven’t dealt with before. This is a hybrid of “Investment Scams”, “Impersonation Scams” and the “Payment – Non Delivery Scams”.
7.3) Pig Butchering: A growing scam type is called “Pig Butchering”, which is a hybrid scam starting with elements used for successful romance scams, leading to introductions to investments, particularly cryptocurrencies, which soon lead to significant losses for the victim. Just as disturbing, those playing the part of the scammer in the romance are often trafficked persons, forced to play roles online through threats of violence, after themselves being victims of impersonation scams, for example taking up fake job offers, particularly in South East Asia. These scams were run first by Chinese organised crime and are beginning to proliferate. The vices and virtues that apply to “Investment Scams” and “Romance Scams” apply here.
Conclusion: Scammers know all about human nature and know more about the people they target than ever before, with more information being available online through social media, and so can design scams tailor-made to each of our human frailties. Lack of virtues is their new business model.
Whilst the best way to avoid scams is probably not to be online, and/or not to respond to third party attempts to initiate communication, this is unrealistic for most of us. By tempering our basic instincts for vice and nurturing virtues, though, we can strengthen our defences.
We probably need less greed, lust, envy and naivety and more scepticism, challenge, patience, vigilance and diligence in the world if we are going to strengthen our defences against scammers. Alternatively, at least by knowing ourselves we can start to understand how we would best be targeted and be more wary of the tricks and techniques likely to be used against us.
A final thought: as scammers are people too, even though they mostly use cyber means to connect and communicate, what they dislike most is providing targets with real information about themselves. You could say their overarching trait is an excessive “Shyness”, along with being (in all cases usually but not always) “Evasive”, “Strangers”, “Foreigners”, “Impatient”, “Ghosts” (with no personal online presence or publicly available information) & “Ruthless”.
Just as scammers use their knowledge of human nature to succeed in what they do, it is worth knowing how scammers operate and what we can do to them too. Reporting attempted and actual scams is also worthwhile, and having details of real names, telephone numbers, addresses, bank account details, references, photographs or recorded videos makes a future investigation much more likely and much more successful. Just trying to acquire this kind of information from those trying to scam you is likely to prevent the scam itself from being successful. We all have the ability to embrace moderation, be sceptical, share with friends, challenge, be vigilant, be patient and exercise diligence. If not we wouldn’t have already survived this long!
Financial Crime News; 20th March 2023