Not so fast! Watch out for these psychological techniques used by scammers — and how to protect yourself

Find another way to contact the person to verify who they are. For example, you can call a generic number for the business and ask to be connected. (Photo: Freepik)

By Mike Johnstone and Georgia Psaroulis

5 Mar 2024

Scammers use ‘psychological warfare’ to get unsuspecting victims to part with valuable information or money. Here are some tips for how you can protect yourself.

Not a day goes by without a headline about a victim being scammed and losing money. We are constantly warned about new scams and staying safe from cybercriminals.

So why are people still getting scammed, and sometimes spectacularly so?

Scammers use sophisticated psychological techniques. They exploit our deepest human vulnerabilities and bypass rational thought to tap into our emotional responses.

This “psychological warfare” coerces victims into making impulsive decisions. Sometimes scammers spread their methods around many potential victims to see who is vulnerable. Other times, criminals focus on a specific person.

Let’s explore some of these psychological techniques and how you can defend yourself against them.

Random phone calls

Scammers start with small requests to establish a sense of commitment. After agreeing to these minor requests, we are more likely to comply with larger demands, driven by a desire to act consistently.

The call won’t come from a number in your contacts or one you recognise, but the scammer may pretend to be someone you’ve engaged to work on your house, or perhaps one of your children using a friend’s phone to call you.

They may threaten legal trouble to instil fear, promise high investment returns to exploit greed, or share fabricated distressing stories to elicit sympathy and financial assistance.

If it is a scammer, maybe keeping you on the phone for a long time gives them an opportunity to find out things about you or people you know.

They can use this information either immediately or at a later date.

Creating a sense of urgency

Scammers fabricate scenarios that require immediate action, like claiming a bank account is at risk of closure, or an offer is about to expire. This tactic aims to prevent victims from assessing the situation logically or seeking advice, pressuring them into rushed decisions.

The scammer creates an artificial situation in which you are frightened into doing something you wouldn’t ordinarily do. Scam calls alleging to be from the South African Revenue Service (SARS) are a great example. You have a debt to pay – apparently – and things will go badly if you do not pay right now.

Scammers play on your emotions to provoke reactions that cloud judgement. They may threaten legal trouble to instil fear, promise high investment returns to exploit greed, or share fabricated distressing stories to elicit sympathy and financial assistance.

Building rapport with casual talk

Through extended conversation, scammers build a psychological commitment to their scheme. No one gets very far by just demanding your password, but it’s natural to be friendly with people who are friendly towards us.

After staying on the line for long periods the victim also becomes cognitively fatigued. This not only makes them more open to suggestions, but also isolates them from friends or family who might recognise and counteract the scam.

scammers Find another way to contact the person to verify who they are. For example, you can call a generic number for the business and ask to be connected. (Photo: Freepik)

Help me to help you

In this case, the scammer creates a situation where they help you to solve a real or imaginary problem (that they actually created). They work their “IT magic” and the problem goes away.

Later, they ask you for something you wouldn’t normally do, and you do it because of the “social debt”: They helped you first.

For example, a hacker might attack a corporate network, causing it to slow down. Then they call you, pretending to be from your organisation, perhaps as a recent hire not yet on the company’s contact list. They “help” you by turning off the attack, leaving you suitably grateful.

Perhaps a week later, they call again and ask for sensitive information, such as the CEO’s password. You know company policy is not to divulge it, but the scammer will ask if you remember them (of course you do) and come up with an excuse for why they really need this password.

The balance of the social debt says you will help them.

Appealing to authority

By posing as line managers, officials from government agencies, banks or other authoritative bodies, scammers exploit our natural tendency to obey authority.

Such scams operate at varying levels of sophistication. The simple version: Your manager messages you with an urgent request to buy some gift cards and send through their numbers.

If the conversation is moving too fast, remember that someone else’s problem is not yours to solve.

The complex version: Your manager calls and asks to urgently transfer a large sum of money to an account you don’t recognise. You do this because it sounds exactly like your manager on the phone – but the scammer is using a voice deepfake. In a recent major case in Hong Kong, such a scam even involved a deepfake video call.

This is deeply challenging because artificial intelligence tools, such as Microsoft’s VALL-E, can create a voice deepfake using just three seconds of sampled audio from a real person.

How can you defend yourself against a scam?

First and foremost, verify identity. Find another way to contact the person to verify who they are. For example, you can call a generic number for the business and ask to be connected.

In the face of rampant voice deepfakes, it can be helpful to agree on a “safe word” with your family members. If they call from an unrecognised number and you don’t hear the safe word, just hang up.

Read more in Daily Maverick: How to spot an online scam and avoid becoming the next victim

Watch out for pressure tactics. If the conversation is moving too fast, remember that someone else’s problem is not yours to solve. Stop and run the problem past a colleague or family member for a sanity check. A legitimate business will have no problem with you doing this.

Last, if you are not sure about even the slightest detail, the simplest thing is to hang up or not respond. If you really owe a tax debt, SARS will write to you. DM

First published by The Conversation.

Mike Johnstone is a security researcher and associate professor in resilient systems at Edith Cowan University in Australia. Georgia Psaroulis is a postdoctoral research fellow at the university.

This story first appeared in our weekly Daily Maverick 168 newspaper, which is available countrywide for R29.

DM168

Categories:

Tags:

DM is much better if you are signed in...

Sci-Tech