Falling Victim to Social Engineering and Fraud
Issue 233 | 11 January 2022
In this edition of Payments:Unpacked Extra! we feature a guest blog from Sarah Rutherford at FICO. For Sarah, every week is Fraud Awareness Week.
Scams Alert: We Can All Fall Victim to Social Engineering and Fraud
The International Fraud Awareness Week back in November is probably a distant memory but every week is Fraud Awareness Week for FICO, as we focus on helping banks and other financial institutions worldwide detect and manage fraud. Fraud is a big burden for such organizations but there are of course other victims – people just like you and me. Their lives can be turned upside down and their finances ruined when they become victims of clever scam artists. Sometimes sympathy for them is in short supply, but social engineering is routinely used against all of us. We can all become victims of fraud.
Despite numerous studies and newspaper headlines informing us about the scams that fraudsters perpetrate, most of us don’t think we can easily be tricked into handing over money to criminals. FICO recently carried out a survey of 12,000 people in 12 countries. We asked them which kinds of financial crime worried them. Less than 7% of people said that they were worried about a fraudster tricking them into sending a payment. (For comparison, slightly more people were worried about a pickpocket stealing their wallet or purse and 31% were worried about a fraudster using information about them to take over one of their financial accounts.)
Because people don’t feel they are vulnerable to social engineering techniques, education can be doomed to failure – why learn a lesson you don’t think you need? This is compounded by a feeling that scams happen to those who are vulnerable or in some way naïve or stupid.
Last month I attended a fraud conference where speaker after speaker used the trope of the lonely, old woman as the victim of fraud. This compounds the idea that scams happen to other people – people that aren’t like us. There are implications:
Victims are encouraged to feel foolish about being victims. This makes them less likely to report crime and if they do, more likely to accept a poor outcome in terms of restitution and investigation.
People who don’t consider themselves naïve or foolish develop a false sense of security and actually become more vulnerable to fraud.
Financial institutions are less likely to share liability (and loss) with their scammed customers – after all it’s the customers’ own fault they were taken in.
The truth is that anyone can become a victim of a scam. A book I’m currently reading, The Psychology of Fraud, Persuasion and Scam Techniques, opens with author Martina Dove explaining how she too fell victim to a purchase fraud.
The following examples show the breadth of ways people can become victims of scams.
Case 1: CryptoRom
Victims: Users of dating apps including Grindr, Bumble and Tinder
Case notes: This combination of romance scam and investment scam happens in the online world of virtual dating and digital currencies — not somewhere you generally find the stereotypical little old lady victim. Enticed by the promise of love, or perhaps by greed, victims are taken on a journey from communicating via the dating app to texts and WhatsApp messages. Their new beau is apparently a financial whiz kid who can help them invest in cryptocurrencies. The CryptoRom scam caught on during the pandemic when scammers had a ready-made excuse not to meet their ‘matches’ in person. It has been particularly prevalent in Asia but there are also victims in the UK, and in Australia, where the Australian Competition and Consumer Commission reports that almost a quarter of victims are aged just 18-34.
Case 2: Fake Invoice Fraud
Victims: Parents at private schools
Case notes: Invoice fraud happens when fraudsters manage to intercept the communications between buyer and supplier. They use social engineering to trick the buyer into changing the bank account details held for their supplier account, or simply submit an invoice that looks like it came from the original supplier but carries the fraudster’s bank account details.
Typically, invoice scams target businesses, but in this case the targets are parents with children at private schools. The fraudster uses hacking and social engineering techniques to get access to a school’s records. With the contact information of the parents in hand, they send fake invoices offering parents a discount if they pay school fees before a deadline. The invoice looks like it came from the school, the email that sent it looks like it came from the school, but the bank account details are of course those of a fraudster. Fraudsters increase their likelihood of success by selecting parents based abroad, who may have less familiarity with what is normal in the school’s country and also have children who are boarding, meaning the fees are higher and the discount more attractive.
Case 3: Purchase Fraud
Victims: People like you and me — and in this case, me
Case notes: I’m someone who has worked in the fraud industry for more than 10 years – often talking about scams (and yes, I feel stupid and embarrassed). I had a very painful foot over the summer and couldn’t find the right kind of shoes to wear to be comfortable and somewhere close to stylish. And then on Facebook I saw an advert for just the right kind of shoe. The link went to a nice-looking website, and I ordered not one but two pairs! It was a complete fabrication – just a scam. I really should have known better, but with a painful foot and a holiday coming up where I needed comfortable shoes I couldn’t find elsewhere, I fell for it. Of course, the warning signs were there, but my need had numbed the part of my brain that could see those signals.
These three examples show that whether you’re young or old, male or female, naïve or apparently knowledgeable, when our defenses are down, we are all vulnerable.
Understanding and believing that we could fall victim to scams is the gateway to being alert to the risk and accepting the education that banks and consumer organizations provide.
Here are a few examples of excellent resources for understanding more about scams and ways to avoid them:
National Fraud Awareness Week – a global initiative to tackle fraud
UK Finance Fraud the Facts report – statistics on fraud but also tips on not becoming a victim
Take Five – a UK national fraud prevention campaign that has a wealth of advice and information, wherever you live.
If you manage fraud, take a look at this post on how our new models in FICO Falcon can stop more scam payments.
Sarah Rutherford manages solutions marketing for FICO's fraud, cybercrime and compliance business. Sarah is on a mission to help organizations understand more about the fraud and financial crime challenges they face and introduce them to better ways to fight the bad guys. Having worked as a marketing professional in the IT sector for almost 20 years, Sarah joined FICO following six years at Experian. An enthusiastic blogger, Sarah has blogged about subjects as diverse as identity management, fraud and cybersecurity, payments, women in the workplace and motivational sayings that are irritating!