/ Money, Technology

Are we too susceptible to scammers’ psychological tricks?

Card trick, scams

Scammers are notoriously good at staying ahead of the curve in their techniques to trick you.

I love magic tricks – I’m always so amazed when someone appears to read my mind and tell me what card I’d pictured. That’s right, it’s the 10 of Clubs – how did you know? It must be magic!

But it’s not – the truth is if I hadn’t been so wrapped up in the trick, I could’ve spotted the many clues dropped into the pattern leading me to pick the 10 of Clubs. I’m just predictable – predictably human and predictably vulnerable to tricks…

Easy to trick

I’m not the only one that loves these tricks, if the popularity of Derren Brown and Dynamo is anything to go by. But these psychological techniques can be used for more sinister ends – scammers are increasingly relying on people to behave predictably.

Did you know, according to the Office of National Statistics, that you’re 20 times more likely to fall victim to fraud than robbery?

According Robert Cialdini, professor of psychology, fraudsters use the ‘six principles of persuasion‘ to lure you to their tricks, these tactics are:

  • Reciprocity – you’ll probably feel indebted to someone who does something for you, or gives you something.
  • Commitment and consistency – once committed you’re more likely to be consistent and respond to their consistent messaging.
  • Liking – you’re more likely to trust someone you like.
  • Authority – you’re more likely to obey an authoritative figure.
  • Scarcity – you’re likely to be persuaded to want something that’s rare.
  • Social proof – this appeals to people’s needs to conform, you may be persuaded to do something by what others are doing too.

When we recently tested a group of people to identify genuine and scam emails we found that people could correctly identify the dodgy emails 67% of the time, and that was despite being confident that the right answer had been picked 84% of the time – it’s that gap that leaves us exposed to fraudsters and their tricks.

We can keep our wits about us, but the scams are increasingly sophisticated and play on our human nature to respond in certain ways to certain cues.

The Head of Fraud Prevention at Barclays says that when he listens back to scam phone calls, he is impressed by the fraudsters’ levels of customer service. When criminals are this artful, it’s no wonder that even the smartest people are caught out. And the results are also impressive: one in 10 of us fell victim to scams and fraud last year, costing the British public around £9bn a year.

Protection from scams

I’m not stupid. But like many I’m polite, trusting and follow the rules. It’s these exact qualities that make me more vulnerable to fraud.

When it comes to protecting yourself from scams knowing what to look out for can be just the half of it.

With scammers getting increasingly advanced in the techniques they’re using it seems unfair to be expected to fend off all fraudsters. And that’s why we’re campaigning to get companies to play their part in making it harder for scammers, we need companies to help by doing all they can to safeguard their customers from these clever scams.

If you suspect you’ve stumbled across a scam then you can report it to Action Fraud.

So, tell me, have you spotted any scammers exercising these persuasive tricks to get you to play along?

Gary says:
28 August 2016

I contacted Nat West and pointed out several areas in which I felt their online security was lacking. I received a curt reply stating that their system was very secure and they took security seriously. I still feel that they do not take adequate precautions to protect thier customers online. The poor basic security procedures which Nat West operate coupled with the number of widely publicised IT problems which they have had mean I would never consider them as my main bank. Whilst I would never make public most of the items I pointed out to them an example is their continued provision of links in routine emails, which is an invitation to scammers to operate phishing scams without raising suspicion.

Linda Brown says:
4 September 2016

l have been the victim of fraud 3 times now and still not got anywhere with action fraud
what are they doing nothing for me and my husband and l am on the verge of a nervious break down
because none is listening or helping us.

Linda , why dont you ask Commander Chris Greany for help ? he is in charge of it . If you have been three times a victim , then can I ask ? Is it during an online transaction or is it via an email ? As I know people who have had nervous breakdowns I wouldnt wish that on anyone but as a simple member of the public could you give me details ( not your personal ones ) of the transactions that took place ? . I ask this so that others may be helped by your story.

I am pretty sure that I would be in favour, but when invited to sign a petition I expect to be shown the wording of that petition – which I do not readily find on this page!

Today,scamming news -15-9-2016-According to Dorset Police Economic Crime Unit ,s Det. Sergeant Andrew Kennard now over 100 people have been scammed in the area . They claim to be Talk-Talk or HMRC a 70 year old male in Wimborne lost £6000 due to Talk-Talk scam . Christchurch -based John+Elsie Smith lost £2500 to roof repairs, 91 year old male from Bournemouth lost £5000 to a man claiming to be a cop ,another Bournemouth resident lost £4000 to a funeral scam , 70 year old female ( Lymington ) lost £24000 to Visa scam. Talk-Talk has had 4 Million users data stolen , 86 reports of Talk-Talk scams in that area received by Dorset Police – reports Bournemouth Echo . This is getting International recognition as I found it on an International virus/scam/ tech website.

As a matter of interest, did Dorset Police’s Economic Crime Unit report any success in apprehending perpetrators or recovering people’s money, or even any strengthening of resources for tackling these crimes?

As a matter of fact they did report some success but I never took note of the details John , I should have .

The Bournemouth Echo website was not much help [plastered with ads, pop-ups and videos making it virtually inaccessible!] but I found the main story on the Dorset Police website. Unfortunately it didn’t say what action the police were actually taking to deal with these despicable crimes. Coastal counties attract retired people [and Dorset’s are richer than most] and scammers must perceive them to be easy pickings, but it seems to be a nationwide problem for which the authorities have little in the way of a defence.

John I got rid of 90 % of popups/ads/etc by installing many plug-ins , whether your browser will allow it is another thing. I have blank spaces to each side in most websites . It does have some pitfalls, some American websites block you from accessing them and some videos dont work , some websites just give basic script but you can change that on a per site basis . I cant access BT unless I allow tracking , for example, I dont have Flash Player of any type as its open house to hackers. Dorset Police , as you say, didnt go into detail about how they caught them and whether they were all charged .

Thanks Duncan. I shan’t be investing in any blockers since I rarely stray outside a few reputable websites. I usually avoid newspaper sites because they pepper them with pop-ups to get some advertising income to compensate for the loss of hard-copy sales caused by the internet. I don’t usually complain as how else would I be able to read something in a Dorset newspaper?

So far as I could work out, Dorset Police have not yet caught anybody for scamming and all they can do is pass on warnings to their elderly and vulnerable residents.

Life is funny John , one of my plug-ins is Ghostery , I have had my suspicions about it as it is run by a company connected to advertising much like our own official public “help ” organisation to report problems with advertising etc . Just hours after your post it was automatically updated to a new version . This new version seemed limited in what it could do but after several hours use it didnt seem to function showing zero trackers after my other blockers showed many . Try as I might I could not get it to function removing -re-installing etc and then a tab appeared from a much better sophisticated multi-blocker app , I clicked on it and surprise-surprise !! it was blocking Ghostery because the new version now had a major tracker installed Ghostery,s OWN tracker /server . I removed it from my PC . It just shows you ,as I say to many posters , more and more BB finds ways of tracking you but thats really tricky , an app to stop trackers installing its own big tracker and I clicked on I didnt want to give any data back to Ghostery , didnt make a blind bit of difference . So for those with Ghostery (a US company ) if you have been “upgraded” to version 7 then un-install it.

Thames Valley police regularly make efforts to advise people – private and businesses – about crime, scams, online problems etc. They are currently in the middle of a 4 week programme “As part of our ongoing #ProtectYourWorld campaign, which aims to raise awareness of online crime and encourage people and businesses to take steps to protect themselves, a number of community events and live on-line discussions are scheduled to take place over the coming weeks.”

It might be very difficult to prosecute perpetrators but it is just as important – probably more so – to help people understand what goes on and protect themselves.

Many thanks to Which for the recent email on safeguard from and spotting scams which is excellent and I have moved to a folder where I can keep and look at again, as it will not be deleted. Even though I consider myself to someone who is not very gullible I always welcome any further advice which is always welcome as this problem grows bigger every day.

I opened an email from apple the other day, thanking me for my purchase for music download and the sum of £23.00.
I know nothing of this and wondered if this might be a scam..is anyone aware of this??

Apple scams are common, but what you have there is a receipt. The usual tactic with those is to feature a link on them, and if you follow that you’re taken to a malicious site so – as always – don’t ever follow an email link. The only safe way is to use iTunes and go to ‘your account’ which connects directly with Apple and then you can verify if someone has sneaked an order through or not .

I recently had an email purporting to be from Apple, I never use Apple so I didn’t open it. It stated something to the effect that it was an invoice and ‘thanking’ me for my custom.

Clive Chapman says:
22 September 2016

This morning there were 3 emails with sender ID being first names only, and companies I wasn’t familiar with and attachments. I deleted the attachments unopened. My assumption now is that if there is a legitimate need to contact me for delivery or payment and I delete the sender will persist in contacting me. That much alone will be enough for me to seek clear and familiar ID from them before I proceed.

The emails were more likely to be attempts to download virus’s onto your system via the attachments. Over the last two weeks, I have received emails which claim to be from Barclays and Natwest asking me to download the latest interest rates from their attachment. (I’m not a customer of either).

We need to be more careful about everything.
Never trust anyone when money is concerned.
ALWAYS make sure of the details AND circumstances.

Scammers will try any trick in the book but this shows even in Egypt they watch Which Technical Convo . I got an email from an Egyptian in regards to a “Perpetual Motion Machine- My “Friend ” my name is ******* ******* ****** I am not here to take your money- (sure you arent ) or selling you any kind of scam ( sure you are ) I am giving the whole world my Permanent Magnet Perpetual Engine – patent no- ************ kindly click on this link – and by the way it certainly looks kosher and doesnt look scamming . The problem with permanent magnets is that they lose magnetism over a long period and are certainly not “perpetual ” . Well “bless my soul ” ! I didnt click on the link but got another browser up and inputted the basic URL and got ?? – a Suez Canal Port Authority Company .

I pay no attention to e-mails I do not recognise.


I have always been told that one should NEVER give bank details in an email as they are not secure. How come solicitors for example, who ought to know better, ever do this?
In the early days of online mail order, for instance, firms would say ‘Put your order in by email but phone us with your card details, as that’s much more secure.’
May be it’s a case of prevention is better than cure. Though I agree banks should definitely be held to be more responsible for this type of fraud.

In the US , cyber criminals who create a fake website to defraud consumers can be sent to prison for 5 years ( and 5 years means 5 years in the US ) and pay a $250,000 fine . And here ??? – still listening –silence . The difference ? the FBI and other US government bodies actually trace them and jail them .

I must admit we don’t here about any fake website crimes in the UK. Is that because they are very few and far between, or because the perpetrators have evaded detection or are in a different jurisdiction, or because any crimes are not getting the investigative resources required? I don’t know what the UK penalties are on conviction but I doubt they would be as severe as in the USA. With a falling crime rate here and plenty of other attractive opportunities for scamming people by deception without actually needing to create a fake website perhaps this is just not such a major issue here.

John while this convo is mainly about phone scamming other Which convo,s have been full of posters being scammed by clicking on a link and being taken in every case to a fake website where they again click on links to give out their monetary details . Very large sums of money have been lost , the advice given is- DONT click on links in emails but where is the UK Authorities ability to catch those thieves ? I would be grateful if our security forces who deal in cyber crime would turn their attention from helping BB and started helping Joe Public and provide actual data of the number of websites not just closed down but where THEY caught and fined the culprits who stole from the general public. Every day in the UK 100,s are scammed by that means – fake websites .

Oooops!! Awful blunder in Line 1 of my preceding post. Please change “here” to “hear” to make sense of it.

You could be right Duncan but it doesn’t seem to get much reporting. I thought most of the related comments received in Which? Conversation were about genuine websites that misled people by deception [for example, passport applications]. Some still exist but they have had to make their warnings more prominent; so long as they do that they are not illegal it would seem.

Duncan makes a good point. Perhaps companies need to change the ways in which they communicate with their customers, and leave all links out of their emails. HSBC, for instance, still include links and argue that the links only connect to their website front end. But I think they’re missing the point completely. So long as emails from companies contain any links at all people will drop their guard over links in emails generally.

I totally agree, Ian. Companies insert links in e-mails to propel people into their websites and stop them wandering away into the next item in their inbox, but they are potentially the most harmful feature of the system. It only takes a few seconds longer to go the long way round but it’s so much safer. So long as the navigation instructions are clear in the e-mail there should be no problem.

I think these links are a throwback to the early days of home compting when the internet was a much safer place and when people appreciated the convenience of a link rather than typing long URL’s into browsers. You can just start typing a name in now, a choice quickly appears, and in two or three clicks you are there safely.

I have received a number of emails from banks which looked liked potential phishing emails. In each case I forwarded then to the bank and didn’t reply to them. If they had been genuine the bank would have responded accordingly. They didn’t. Some were easy to spot, by checking the email address rather than what was displayed. Others were more sophisticated.

Dave I know the ones you are talking about they tried it with me for years but I never answer them and only get a very occasional one from some young bedroom scammer . I get a laugh when they mention banks I dont belong to , you shouldnt get emails from your bank ,I have never had one from mine ,but I dont have online banking so that sinks them all.

It would be really helpful if Which? could print/post details on how to check email headers in the main email services – Hotmail/Outlook, Gmail, Yahoo!, etc. That way you can more easily tell whether the email is from who the displayed name is claiming to be, or not.
– In Outlook/Hotmail – hover the mouse over the sender’s name, and it will show the sending email address. If the name does not match the sending email address, be suspicious as it is likely fraud, phishing or spam.
– In Outlook/Hotmail – right click on the sender’s name – without opening the email – and select ‘View message source’ (be patient, it takes a few seconds to display). This will display all of the message header details, and you can search for the From: – it should be followed by lines for ‘Reply-To’ and ‘To’. Again, if it does not match the sender’s name be suspicious.
– I regularly do this before opening emails that I am not expecting, even from friends, and especially those in my junk/spam folder.
– In Gmail unfortunately you have to open the mail to find the header details: click on the down arrow that gives you ‘Reply’, ‘Reply To’, ‘Forward’, etc. options. The last option will display the header details.
If you want to report it to Which? or whichever company it claims to be from:
– Copy the header details (select all – Ctrl + a; copy it – Ctrl + c), select Forward in the mail you want to send, and then paste the header details (Ctrl + v) in and send.
– Alternatively, if possible, attach the original email to a blank/new email and send that. The email headers will remain in the original email. Just forwarding it will not provide them with enough details.
The above work on a PC/Mac, but I don’t know if it is possible on a phone or tablet, or in an app, but worth trying to find out if that is what you use.

They still keep coming: But nothing is done by IP. How do you report this to anyone by e-mail?

[Sorry Philip, we can’t allow these links to be shared on Which? Conversation as they could be scams. You can report a phishing email to Natwest here phishing@natwest.com, or MBNA here abuse@bankofamerica.com. You can also report scams to Action Fraud here https://reportlite.actionfraud.police.uk/. Thanks, mods]

Hi I just need to change my access e-mail address and pass word