After speaking to a TV station recently about the Zelle fraud vector, I had another phone call on behalf of an elderly woman. Victim to another instance of fraud, this woman lost over $480,000. From the sound of it, the only thing she now has left to live on is social security; and her bank refuses to reimburse her. How did this happen? A malicious use of behavioral psychology and technological resources.
Behavioral Psychology and Cybersecurity
Usually, we concentrate on issues that directly relate to your cybersecurity. The reality is, though, that in our technological age cybersecurity, financial security, and physical security are incredibly intertwined. In this instance, a malicious actor used freely available information on the internet to target the individual (we’ll call her Kate to protect her identity). Kate was notified that she had won a large sum of money from a well-known campaign. The catch? She only had to advance a percentage of that amount for ‘taxation purposes.’ It sounded plausible; even though it was a large sum, in the end, it seemed to be worth it.
Developing the Profile
Over the weeks and months to come, the scammer developed Kate’s profile; he understood she valued family and her faith and had grandchildren, and that she was a widow. He preyed on this as she went deeper and deeper into the hole financially. Didn’t she want to help provide for her family, for her grandchildren? Now, after having taken out a loan on her house and being talked into an additional credit card (and maxing out both), Kate will likely lose her retirement, her house, everything she’s ever worked for.
There’s not much we can do from a cybersecurity standpoint for Kate, other than try to connect her with resources on this end. Zelle wasn’t at fault, the banks weren’t at fault, technology wasn’t at fault; it was an instance of a scammer who knew how to play off of a well-meaning, elderly woman. We can’t help Kate, but we want to help you and your loved ones. Here are three rules to keep in mind that are true for both this instance and the cybersecurity attacks we normally discuss.
3 Steps to Help Avoid Any Scam
- Were you expecting this call? If you weren’t expecting it, perhaps you shouldn’t be entertaining it.
- Never ever, ever give away personally identifiable information over the phone. Hang up, call the number in the back of your credit card, the website, or some other trusted source..
- Three, ask yourself and a friend, does this make sense? Don’t let a sense of urgency (which is always used in a scam) push you to act in a scenario that ultimately doesn’t make sense. Bring in another’s opinion if you’re suspicious but aren’t able to put your finger on what seems off.
Everything this scammer did is commonly used in phishing, smishing, and other scamming schemes that rely on behavioral psychology. Remember to stay aware, stay calm, and reach out if we can be of help!