5 reasons why scams survive, thrive, and succeed

December 29, 2020

Computer fraud, or cyber-scamming, is a multi-billion-dollar industry that affects people and organizations around the world. Since the pandemic started, cybersecurity experts have tracked a 400% rise in online scams. The world is evolving at a rapid pace and with everything getting connected and automated scammers are bound to adapt, thrive and succeed. Let’s understand the top five reasons:

The more you scam, the better your odds of success

Scamming is a numbers game. To succeed a scammer exploits human vulnerabilities finding ideal targets by cycling through large groups of people. For every thousand emails sent out, the cybercriminal may get only a handful of responses, but only one or two replies is enough to translate to hundreds or thousands of dollars.

Like car-sales people, scammers are a persistent lot. They churn through a number of sales pitches, looking for that one window of opportunity when a customer takes the bait and accidentally clicks or replies to a bogus email or download. Like any other business, variety is important to a criminal enterprise. A single culprit can run several scams in parallel, casting wide nets across various pools of people. In one scam, they might send phishing emails; in another, they might commit wire transfer fraud; in a third scam, they could con a purchasing agent through bogus B2B websites.

The global nature of the internet also works in favor of cybercriminals. A crook in Uzbekistan, Iran, or Romania can target hundreds of thousands of Americans without having to worry about getting caught as violations for online crimes might be loosely enforced locally.

A successful scam leads to countless imitations

Bernard Madoff did not invent the Ponzi scheme, instead he simply institutionalized the crime by conning investors out of billions of dollars using the same technique that someone would use to steal a thousand dollars. The famous 419 scam or the advanced fee scam has been around for decades, and it is widely believed that a lot of it still originates from Nigeria, but in reality, research suggests that 61% of these scams actually originate from the United States.

Much of the scams that emerged in times of the pandemic are also old wine in new bottles. The concept is age-old -- using fear and financial incentives to create urgency and coaxing users to respond. Cybercriminals used Covid-19 to their advantage and impersonated governments with the pretext of stimulus payments, fake charities with the pretext of donations, fake insurance companies providing fake coronavirus insurance and more in exchange for financial information from victims.

“Pump and dump” financial schemes have always been prevalent since the times of the stock market and these have also now proliferated even in the cryptocurrency market. Not to mention, the internet itself serves as a potent medium of reaching large numbers of investors through spam email, social media, and misinformation.

Simple technology tricks reap major outcomes

Faking an online presence is pretty simple these days. A cybercriminal with moderate skills can craft a convincing bank sign-in page or even a fake website and social media identity that appears credible. Cybercrime-as-a-service models facilitate cybercriminals to carry out sophisticated ransomware attacks -- even without advanced technical knowledge. Some scams are poorly constructed and contain warning signs like bad grammar, poor spelling and suspicious URLs. Professional scams on the other hand, are complex, convincing, highly targeted and may involve multiple criminals in numerous countries. Profiling victims has also become extremely easy online. An attacker can study a victim’s blog, social media posts and access other publicly available information before starting a campaign.

Lack of cybersecurity knowledge can be a dangerous thing

Humans are creatures of habit and some are notoriously easy to fool. Many chose passwords that favor convenience over security. Many use the same password for all their online accounts including bank accounts.

Some people are often too trusting in what they reveal and share online to an almost anonymous audience. Simple, well-crafted search terms can uncover a wealth of personal information that can easily assist cybercrooks with victimization.

Absence of cybersecurity hygiene and knowledge and can be dangerous, especially at a time when so many are working remotely and given how 75% are doing so without any security guidance or training. Knowing too little about online safety can be costly for businesses and individuals, while on the other hand, a little insight into human nature often makes scammers successful.

To err is human

It’s human to be trusting and sometimes gullible and fraudsters are students of human nature. They understand common thought processes, habits, and behaviors. They know how to manipulate emotional vulnerabilities to pull off all types of scams. Success at one scam builds criminal experience that leads to another scam. Finding a victim is simply a matter of cycling through groups of people and singling out a vulnerable one to exploit. Covid-19 scams are a perfect indicator of how fraudsters exploit a crisis, times when we are most confused, panicked, distracted and impulsive.

Stu Sjouwerman is founder and CEO of KnowBe4, developer of security awareness training and simulated phishing platforms. He was co-founder of Sunbelt Software. Stu is also the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” From 1996 through 2001, he served as Editor-in-Chief of WServer News, an email newsletter to 100,000+ IT system administrators and editor of GFI Media Services which published four major online newsletters, including WServer News, WXP News, Win7 News, and GFI Security News. Along with his CEO duties, Stu is currently Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates and social engineering alerts to IT professionals.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

5 reasons why scams survive, thrive, and succeed

Recent Articles by Stu Sjouwerman

If you want to safeguard your organization, focus on people

Smishing and vishing: Explained and explored

So, what is the safest password policy? It’s complicated

Ransomware: Avoid Becoming the Next Victim

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

5 reasons why scams survive, thrive, and succeed

Recent Articles by Stu Sjouwerman

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.