
Are we too susceptible to scammers’ psychological tricks?


Scammers are notoriously good at staying ahead of the curve in their techniques to trick you.

I love magic tricks – I’m always so amazed when someone appears to read my mind and tell me what card I’d pictured. That’s right, it’s the 10 of Clubs – how did you know? It must be magic!

But it’s not – the truth is if I hadn’t been so wrapped up in the trick, I could’ve spotted the many clues dropped into the pattern leading me to pick the 10 of Clubs. I’m just predictable – predictably human and predictably vulnerable to tricks…

Easy to trick

I’m not the only one that loves these tricks, if the popularity of Derren Brown and Dynamo is anything to go by. But these psychological techniques can be used for more sinister ends – scammers are increasingly relying on people to behave predictably.

Did you know, according to the Office of National Statistics, that you’re 20 times more likely to fall victim to fraud than robbery?

According to Robert Cialdini, professor of psychology, fraudsters use the ‘six principles of persuasion’ to lure you into their tricks. These tactics are:

  • Reciprocity – you’ll probably feel indebted to someone who does something for you, or gives you something.
  • Commitment and consistency – once committed you’re more likely to be consistent and respond to their consistent messaging.
  • Liking – you’re more likely to trust someone you like.
  • Authority – you’re more likely to obey an authoritative figure.
  • Scarcity – you’re likely to be persuaded to want something that’s rare.
  • Social proof – this appeals to people’s need to conform: you may be persuaded to do something by what others are doing too.

When we recently tested a group of people to identify genuine and scam emails we found that people could correctly identify the dodgy emails 67% of the time, and that was despite being confident that the right answer had been picked 84% of the time – it’s that gap that leaves us exposed to fraudsters and their tricks.

We can keep our wits about us, but the scams are increasingly sophisticated and play on our human nature to respond in certain ways to certain cues.

The Head of Fraud Prevention at Barclays says that when he listens back to scam phone calls, he is impressed by the fraudsters’ levels of customer service. When criminals are this artful, it’s no wonder that even the smartest people are caught out. And the results are also impressive: one in 10 of us fell victim to scams and fraud last year, costing the British public around £9bn a year.

Protection from scams

I’m not stupid. But like many I’m polite, trusting and follow the rules. It’s these exact qualities that make me more vulnerable to fraud.

When it comes to protecting yourself from scams, knowing what to look out for can be just half of it.

With scammers getting increasingly advanced in the techniques they’re using, it seems unfair to be expected to fend off all fraudsters. That’s why we’re campaigning to get companies to play their part in making it harder for scammers: we need companies to help by doing all they can to safeguard their customers from these clever scams.

If you suspect you’ve stumbled across a scam then you can report it to Action Fraud.

So, tell me, have you spotted any scammers exercising these persuasive tricks to get you to play along?

Gary says:
28 August 2016

I contacted Nat West and pointed out several areas in which I felt their online security was lacking. I received a curt reply stating that their system was very secure and they took security seriously. I still feel that they do not take adequate precautions to protect their customers online. The poor basic security procedures which Nat West operate coupled with the number of widely publicised IT problems which they have had mean I would never consider them as my main bank. Whilst I would never make public most of the items I pointed out to them an example is their continued provision of links in routine emails, which is an invitation to scammers to operate phishing scams without raising suspicion.

Linda Brown says:
4 September 2016

I have been the victim of fraud 3 times now and still not got anywhere with Action Fraud. What are they doing? Nothing for me and my husband, and I am on the verge of a nervous breakdown because no one is listening or helping us.

This comment was removed at the request of the user

I am pretty sure that I would be in favour, but when invited to sign a petition I expect to be shown the wording of that petition – which I do not readily find on this page!

This comment was removed at the request of the user

As a matter of interest, did Dorset Police’s Economic Crime Unit report any success in apprehending perpetrators or recovering people’s money, or even any strengthening of resources for tackling these crimes?

This comment was removed at the request of the user

The Bournemouth Echo website was not much help [plastered with ads, pop-ups and videos making it virtually inaccessible!] but I found the main story on the Dorset Police website. Unfortunately it didn’t say what action the police were actually taking to deal with these despicable crimes. Coastal counties attract retired people [and Dorset’s are richer than most] and scammers must perceive them to be easy pickings, but it seems to be a nationwide problem for which the authorities have little in the way of a defence.

This comment was removed at the request of the user

Thanks Duncan. I shan’t be investing in any blockers since I rarely stray outside a few reputable websites. I usually avoid newspaper sites because they pepper them with pop-ups to get some advertising income to compensate for the loss of hard-copy sales caused by the internet. I don’t usually complain as how else would I be able to read something in a Dorset newspaper?

So far as I could work out, Dorset Police have not yet caught anybody for scamming and all they can do is pass on warnings to their elderly and vulnerable residents.

This comment was removed at the request of the user

Thames Valley police regularly make efforts to advise people – private and businesses – about crime, scams, online problems etc. They are currently in the middle of a 4 week programme “As part of our ongoing #ProtectYourWorld campaign, which aims to raise awareness of online crime and encourage people and businesses to take steps to protect themselves, a number of community events and live on-line discussions are scheduled to take place over the coming weeks.”

It might be very difficult to prosecute perpetrators but it is just as important – probably more so – to help people understand what goes on and protect themselves.

Many thanks to Which for the recent email on safeguarding from and spotting scams, which is excellent and I have moved to a folder where I can keep and look at again, as it will not be deleted. Even though I consider myself to be someone who is not very gullible I always welcome any further advice which is always welcome as this problem grows bigger every day.

I opened an email from apple the other day, thanking me for my purchase for music download and the sum of £23.00.
I know nothing of this and wondered if this might be a scam. Is anyone aware of this?

Apple scams are common, but what you have there is a receipt. The usual tactic with those is to feature a link on them, and if you follow that you’re taken to a malicious site so – as always – don’t ever follow an email link. The only safe way is to use iTunes and go to ‘your account’ which connects directly with Apple and then you can verify if someone has sneaked an order through or not.

I recently had an email purporting to be from Apple, I never use Apple so I didn’t open it. It stated something to the effect that it was an invoice and ‘thanking’ me for my custom.

Clive Chapman says:
22 September 2016

This morning there were 3 emails with sender ID being first names only, and companies I wasn’t familiar with and attachments. I deleted the attachments unopened. My assumption now is that if there is a legitimate need to contact me for delivery or payment and I delete the sender will persist in contacting me. That much alone will be enough for me to seek clear and familiar ID from them before I proceed.

The emails were more likely to be attempts to download viruses onto your system via the attachments. Over the last two weeks, I have received emails which claim to be from Barclays and Natwest asking me to download the latest interest rates from their attachment. (I’m not a customer of either).

We need to be more careful about everything.
Never trust anyone when money is concerned.
ALWAYS make sure of the details AND circumstances.

This comment was removed at the request of the user

I pay no attention to e-mails I do not recognise.


I have always been told that one should NEVER give bank details in an email as they are not secure. How come solicitors for example, who ought to know better, ever do this?
In the early days of online mail order, for instance, firms would say ‘Put your order in by email but phone us with your card details, as that’s much more secure.’
Maybe it’s a case of prevention is better than cure. Though I agree banks should definitely be held to be more responsible for this type of fraud.

This comment was removed at the request of the user

I must admit we don’t here about any fake website crimes in the UK. Is that because they are very few and far between, or because the perpetrators have evaded detection or are in a different jurisdiction, or because any crimes are not getting the investigative resources required? I don’t know what the UK penalties are on conviction but I doubt they would be as severe as in the USA. With a falling crime rate here and plenty of other attractive opportunities for scamming people by deception without actually needing to create a fake website perhaps this is just not such a major issue here.

This comment was removed at the request of the user

Oooops!! Awful blunder in Line 1 of my preceding post. Please change “here” to “hear” to make sense of it.

You could be right Duncan but it doesn’t seem to get much reporting. I thought most of the related comments received in Which? Conversation were about genuine websites that misled people by deception [for example, passport applications]. Some still exist but they have had to make their warnings more prominent; so long as they do that they are not illegal it would seem.

Duncan makes a good point. Perhaps companies need to change the ways in which they communicate with their customers, and leave all links out of their emails. HSBC, for instance, still include links and argue that the links only connect to their website front end. But I think they’re missing the point completely. So long as emails from companies contain any links at all people will drop their guard over links in emails generally.

I totally agree, Ian. Companies insert links in e-mails to propel people into their websites and stop them wandering away into the next item in their inbox, but they are potentially the most harmful feature of the system. It only takes a few seconds longer to go the long way round but it’s so much safer. So long as the navigation instructions are clear in the e-mail there should be no problem.

I think these links are a throwback to the early days of home computing when the internet was a much safer place and when people appreciated the convenience of a link rather than typing long URLs into browsers. You can just start typing a name in now, a choice quickly appears, and in two or three clicks you are there safely.

I have received a number of emails from banks which looked like potential phishing emails. In each case I forwarded them to the bank and didn’t reply to them. If they had been genuine the bank would have responded accordingly. They didn’t. Some were easy to spot, by checking the email address rather than what was displayed. Others were more sophisticated.

This comment was removed at the request of the user

It would be really helpful if Which? could print/post details on how to check email headers in the main email services – Hotmail/Outlook, Gmail, Yahoo!, etc. That way you can more easily tell whether the email is from who the displayed name is claiming to be, or not.
– In Outlook/Hotmail – hover the mouse over the sender’s name, and it will show the sending email address. If the name does not match the sending email address, be suspicious as it is likely fraud, phishing or spam.
– In Outlook/Hotmail – right click on the sender’s name – without opening the email – and select ‘View message source’ (be patient, it takes a few seconds to display). This will display all of the message header details, and you can search for the From: – it should be followed by lines for ‘Reply-To’ and ‘To’. Again, if it does not match the sender’s name be suspicious.
– I regularly do this before opening emails that I am not expecting, even from friends, and especially those in my junk/spam folder.
– In Gmail unfortunately you have to open the mail to find the header details: click on the down arrow that gives you ‘Reply’, ‘Reply To’, ‘Forward’, etc. options. The last option will display the header details.
If you want to report it to Which? or whichever company it claims to be from:
– Copy the header details (select all – Ctrl + a; copy it – Ctrl + c), select Forward in the mail you want to send, and then paste the header details (Ctrl + v) in and send.
– Alternatively, if possible, attach the original email to a blank/new email and send that. The email headers will remain in the original email. Just forwarding it will not provide them with enough details.
The above work on a PC/Mac, but I don’t know if it is possible on a phone or tablet, or in an app, but worth trying to find out if that is what you use.
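
The header check described in the comment above, automated as an added example (not part of the original comment and not code from Which?): it reads the From and Reply-To lines from a copied message source and lists reasons to distrust the sender. The function names, the `KNOWN_SENDERS` allow-list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: display-name keyword -> domains that sender really uses.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}

# Constructed sample headers (not real messages).
SAMPLE_SPOOFED = """\
From: "Example Bank Security" <alerts@mail-example-bank.invalid>
Reply-To: helpdesk@collect.invalid
To: customer@example.org
Subject: Latest interest rates attached

"""
SAMPLE_GENUINE = """\
From: "Example Bank" <service@examplebank.example>
To: customer@example.org
Subject: Your statement is ready

"""

def domain_of(address):
    return address.rpartition("@")[2].lower()

def sender_warnings(raw_message, known=KNOWN_SENDERS):
    """Return reasons to distrust the sender, based only on From and Reply-To."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    if not addr:
        return ["no usable From address"]
    from_domain = domain_of(addr)
    warnings = []
    # Displayed name claims a known sender, but the address is on another domain.
    for keyword, allowed in known.items():
        ok = any(from_domain == d or from_domain.endswith("." + d) for d in allowed)
        if keyword in name.lower() and not ok:
            warnings.append(f"name '{name}' does not match domain {from_domain}")
    # Displayed name is itself an email address that differs from the real one.
    if "@" in name and name.strip().lower() != addr.lower():
        warnings.append(f"display name shows {name} but sender is {addr}")
    # Replies would be sent somewhere other than the From domain.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and domain_of(reply_addr) != from_domain:
        warnings.append(f"replies go to {domain_of(reply_addr)}, not {from_domain}")
    return warnings

if __name__ == "__main__":
    for sample in (SAMPLE_SPOOFED, SAMPLE_GENUINE):
        print(sender_warnings(sample) or "no sender warnings")
```

A differing Reply-To domain is only a prompt for a closer look, since some legitimate senders use one.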

They still keep coming: But nothing is done by IP. How do you report this to anyone by e-mail?

[Sorry Philip, we can’t allow these links to be shared on Which? Conversation as they could be scams. You can report a phishing email to Natwest here phishing@natwest.com, or MBNA here abuse@bankofamerica.com. You can also report scams to Action Fraud here https://reportlite.actionfraud.police.uk/. Thanks, mods]

Hi I just need to change my access e-mail address and password