Why do scams still work? The simple answer is that we are fallible humans and no amount of smart computing can completely protect us from ourselves, explains Dr. Peter Brooks, Head of Behavioural Finance, Barclays Wealth Management.
Most email, text or phone fraudsters want you to do something. It could be clicking a link to take you to a convincing, but fake, bank website, or opening an attachment containing malware to capture your log-in details the next time you visit your bank online. While this leads to the sage advice to stop and think before you click the link, it doesn't necessarily help you identify when a fraudster is trying to manipulate you into a lapse of judgement.
Psychologists, like the Nobel prize winning Daniel Kahneman, describe two systems of cognition. One makes snap judgements on situations, and the other is a much slower system which does the deeper thinking on more difficult problems.
Our 'fast brains' handle much of our daily activity and our 'slow brains' sit in the background validating choices and waiting for the situations where we struggle to make an instant judgement. Fraudsters don't want your deeper thinking slow brain to do any work because it massively lowers their chances of success. Successful scams are designed to appeal to your more intuitive, fast-thinking brain.
Two major scamming tactics are designed to tap into our natural human instincts. The first involves creating urgency to act in some way, the second appeals to our natural social curiosity.
Creating urgency to do something is perhaps the most common. You might receive an email telling you that your online account may have been compromised and that you need to log in to set a new password. Alternatively, you might receive a phone call from someone claiming to be from tech support who needs to remotely access your computer.
Both these scenarios are designed to create a mild state of panic which engages our fast brain to act quickly to restore order. Since most of us are naturally trusting of others, we are much more prone to that momentary lapse of judgement that lets the fraudsters in.
It’s important to look out for the situations where you are being asked to make a quick decision; it may be a fraudster trying to stop you having time to think more closely about what you are doing.
Our normal human social interactions are also a potential weakness. There are some very creative examples of frauds designed to play upon our natural curiosities. For example, you might deliberately receive an email which has been spoofed to look like it has mistakenly come from an HR team. There may be a file attachment promising to tell you the annual salary details of your department. Do you open the attachment? It might well contain a virus which can capture personal details from your computer.
This type of fraud isn't attempting to create a quick decision so it has to pass the scrutiny of our deeper thinking brains. Most of us would accept that the likely snap judgement when mistakenly receiving an email containing sensitive information is to let the sender know and to delete the email without looking at what we were not supposed to see.
However, it’s incredibly tempting to take a look because we naturally want to understand where we rank relative to our peers. Important to this fraud is that everything has to look as authentic as possible – the sender's email has to look right, it has to be from a recognisable name who should have access to the data, and the mistake has to look honest. Then the fraudster hopes our natural curiosities and personal moral code will be enough of a weakness to open the attachment.
Frauds are easily preventable if you follow the top tips like stopping and thinking, or not opening attachments you didn't expect to receive. However, following those tips is often a battle of managing our own behaviours and resisting the attempts of fraudsters to manipulate our emotional state. Ultimately, a momentary lack of human resolve can be all it takes for a fraudster to get what they need.