5 reasons why scams survive, thrive, and succeed

Computer fraud, or cyber-scamming, is a multi-billion-dollar industry that affects people and organizations around the world. Since the pandemic started, cybersecurity experts have tracked a 400% rise in online scams. The world is evolving at a rapid pace and with everything getting connected and automated scammers are bound to adapt, thrive and succeed. Let’s understand the top five reasons:

The more you scam, the better your odds of success

Scamming is a numbers game. To succeed a scammer exploits human vulnerabilities finding ideal targets by cycling through large groups of people. For every thousand emails sent out, the cybercriminal may get only a handful of responses, but only one or two replies is enough to translate to hundreds or thousands of dollars.

Like car-sales people, scammers are a persistent lot. They churn through a number of sales pitches, looking for that one window of opportunity when a customer takes the bait and accidentally clicks or replies to a bogus email or download. Like any other business, variety is important to a criminal enterprise. A single culprit can run several scams in parallel, casting wide nets across various pools of people. In one scam, they might send phishing emails; in another, they might commit wire transfer fraud; in a third scam, they could con a purchasing agent through bogus B2B websites.

The global nature of the internet also works in favor of cybercriminals. A crook in Uzbekistan, Iran, or Romania can target hundreds of thousands of Americans without having to worry about getting caught as violations for online crimes might be loosely enforced locally.

A successful scam leads to countless imitations

Bernard Madoff did not invent the Ponzi scheme, instead he simply institutionalized the crime by conning investors out of billions of dollars using the same technique that someone would use to steal a thousand dollars. The famous 419 scam or the advanced fee scam has been around for decades, and it is widely believed that a lot of it still originates from Nigeria, but in reality, research suggests that 61% of these scams actually originate from the United States.

Much of the scams that emerged in times of the pandemic are also old wine in new bottles. The concept is age-old -- using fear and financial incentives to create urgency and coaxing users to respond. Cybercriminals used Covid-19 to their advantage and impersonated governments with the pretext of stimulus payments, fake charities with the pretext of donations, fake insurance companies providing fake coronavirus insurance and more in exchange for financial information from victims.

“Pump and dump” financial schemes have always been prevalent since the times of the stock market and these have also now proliferated even in the cryptocurrency market. Not to mention, the internet itself serves as a potent medium of reaching large numbers of investors through spam email, social media, and misinformation.

Simple technology tricks reap major outcomes

Faking an online presence is pretty simple these days. A cybercriminal with moderate skills can craft a convincing bank sign-in page or even a fake website and social media identity that appears credible. Cybercrime-as-a-service models facilitate cybercriminals to carry out sophisticated ransomware attacks -- even without advanced technical knowledge. Some scams are poorly constructed and contain warning signs like bad grammar, poor spelling and suspicious URLs. Professional scams on the other hand, are complex, convincing, highly targeted and may involve multiple criminals in numerous countries. Profiling victims has also become extremely easy online. An attacker can study a victim’s blog, social media posts and access other publicly available information before starting a campaign.

Lack of cybersecurity knowledge can be a dangerous thing

Humans are creatures of habit and some are notoriously easy to fool. Many chose passwords that favor convenience over security. Many use the same password for all their online accounts including bank accounts.

Some people are often too trusting in what they reveal and share online to an almost anonymous audience. Simple, well-crafted search terms can uncover a wealth of personal information that can easily assist cybercrooks with victimization.

Absence of cybersecurity hygiene and knowledge and can be dangerous, especially at a time when so many are working remotely and given how 75% are doing so without any security guidance or training. Knowing too little about online safety can be costly for businesses and individuals, while on the other hand, a little insight into human nature often makes scammers successful.

To err is human

It’s human to be trusting and sometimes gullible and fraudsters are students of human nature. They understand common thought processes, habits, and behaviors. They know how to manipulate emotional vulnerabilities to pull off all types of scams. Success at one scam builds criminal experience that leads to another scam. Finding a victim is simply a matter of cycling through groups of people and singling out a vulnerable one to exploit. Covid-19 scams are a perfect indicator of how fraudsters exploit a crisis, times when we are most confused, panicked, distracted and impulsive.

Stu Sjouwerman is founder and CEO of KnowBe4, developer of security awareness training and simulated phishing platforms. He was co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. He is the author of four books, including “Cyberheist: The Biggest Financial Threat Facing American Businesses.” He can be reached at ssjouwerman@knowbe4.com.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?