Spotlight on security: How to recognize email scams
Analysis reports from several sources (US, UK) show that email is and remains the number one delivery vehicle for malware. Email is so popular with attackers because half of all people will open an email from an unknown sender. Email scams play on people's emotions to trick them into opening emails. In this month's 'spotlight on security' we explain the psychological tactics scammers use to catch you off guard and lower your defenses.
Tactic 1: Using anger to trick you into opening emails
An email with an invoice for goods you did not buy, or a speeding ticket for a car you don't own, will most likely trigger anger. Emotions are handled in our emotional brain, or limbic system. This is exactly what scammers want: they don't want you to think rationally but to react instantly, which increases the chance that you open a URL or an attachment. The 'fake invoice' is the most used and most successful tactic in email scams.
Tactic 2: The ‘fast track to fortune’ lure for the greedy
The ancient Romans made sacrifices to the goddess of Fortune, hoping she would spill riches out of the horn of plenty. Today people still buy lottery tickets, bet on sports games and gamble in casinos. Scammers combine this deep-rooted belief in luck with the lure of instant money (greed) to stimulate us to use our instinctive brain. Our instinctive, or primal, brain operates at an even lower level than our emotional brain. The 'money transfer' and 'claim your prize' scams are well-known ways to trick people into sending their banking details.
Tactic 3: The ‘short cut to success’ appeal for the lazy
Investment and job opportunity scams often use phrases like 'get the life you deserve' and 'stop working for someone else', combined with pictures of someone living the life of the rich and famous. Rationally we all know there is no short cut to success, but in movies it seems simple. The 90-minute time frame of a movie helps to create this illusion, giving some people the idea (hope) that it could happen to them too. Scammers appeal to the desire to gain power and prestige. In prehistory, gaining or losing power correlated with the ability to feed and protect women and to increase the chance of reproducing. These stimuli are handled in our instinctive (primal) brain, making them an ideal bait for email scams.
Tactic 4: Preying on man's oldest sin (lust)
Scammers take advantage of all human weaknesses. It is no coincidence that anger (Ira), greed (Avaritia), laziness (Acedia) and lust (Luxuria) are all classical sins. Inevitably, lust is used to seduce people in romance and dating scams. Sexual stimuli are handled in our instinctive (primal) brain. Again, the scam tactic is to prevent us from thinking rationally. Scammers have moved their field of play to social media and dating sites for this type of scam. Recently a revival has been seen with the 'your camera has been hacked' email scam, which demands a ransom in cryptocurrency in return for the embarrassing recordings.
Tactic 5: Pressing for payment using surprise and seniority
Personalized phishing, or spear phishing, targets specific organizations or individuals within an organization. The example below clearly illustrates how a scammer uses emotion (surprise) and instinct (fear of saying no to a boss) to spiral the victim's state of mind down from thinking rationally to acting mindlessly. Imagine a junior accountant checking his email just before closing the office on Friday. He receives a spoofed email from a senior executive asking him whether he is still at work. Surprised and charmed by the attention of a senior manager, he answers yes. Then the scammer throws in the bait: 'do you know how to make payments?'. A second, hesitant 'Yes' puts the poor junior on the hook. The scammer has achieved role confirmation (the senior asking is directing; the junior answering is obeying) and raised the threshold for saying no to a payment request (the junior himself said he could do it). The next mail explains the importance of the payment and the necessity to pay now. A final 'do you understand' forces the poor junior to say yes for the third time in a row. Next the scammer makes the strike by asking the junior to perform an immediate payment.
Read our IT-security tips on our website: Email security