‘I am too smart to fall for a scam’ will come back to bite you

Harry Mayes -

By Harry Mayes, Research Technician, Neuroscience

Like many, I believed I was too smart to fall for an online scam. Being pretty adept with computers and technology, I was convinced I would see the tell-tale signs: the typos, the dodgy links, the email addresses comprised of random strings of letters claiming to be an invoice from apple or some other conglomerate. Μy certainty made me the perfect victim.

At some point, using Chrome or Safari, you may have gotten a message along the lines of 'your data may have been leaked in a recent breach.' This is not limited to password data, you can lose control of something arguably more important: cookies. Those things you agree to when entering almost any site you visit these days. Seemingly innocent, with an appealing name, cookies track your data. From the websites you look at, to how long you spend on them, to what you bought and what you clicked on. Usually used for advertising purposes, this data can be dangerous in the wrong hands, as I regrettably came to learn.

I had just moved into a new house for my third year and did a big online shop for some house essentials across many websites. A week later, when I was expecting parcels from three or four different shipping companies, I received a text. Appearing as just ‘Royal Mail’ in my messages. It said to click the link provided to get them to attempt re-delivery. Expecting so many parcels, I clicked away and they extracted my debit card information. This was a classic example of a phishing scam, the cookies had just made it that much more effective.

They preyed on my data and banked on the fact I believed I’d never fall for a scam

Thankfully, that card had little on it and all the scammers used it for was an Uber Eats delivery worth £17. But what scared me was how accurately my data had been used to exploit me. They'd known I was expecting a parcel, roughly when I would be expecting it, and from Royal Mail too! They preyed on my data and banked on the fact I believed I’d never fall for a scam.

With the emergence of AI these scams are only getting smarter and more frequent. AI generated phone calls and videos make powerful tools for exploitation. The increased accessibility of AI and data, like cookies, allows for more specific targeting. No longer will it be the elderly as the usual victims of phishing scams: these new techniques have allowed even CEO’s and major businesses to be deceived into dumping hefty sums into the pockets of tricksters.

Just last year, a single scam caused damages of around €3.4 billion. All it took to breach the major US fuel supplier Colonial Pipeline was the password of one employee, most likely through a phishing email. Scammers planted malicious software into the company’s billing system that revoked employees' access to finances. They held this data ransom and were paid $4.4 million for it, but the breach halted any supply of fuel – twenty billion gallons of oil, to be exact – costing a total of €3.4 billion.

Colonial hack: How did cyber-attackers shut off pipeline?
Attacks on critical national infrastructure are an increasing concern, experts say.
BBC News

So, who is behind these scams? Usually, large scale scams like that are orchestrated by gangs of hackers, in that case it was DarkSide. Though individuals have also had some luck. A Lithuanian man named Evaldas Rimasuaskas (now jailed) successfully scammed Facebook and Google out of $100 million by sending some convincing phony invoices to the right people.

There are reports of ‘scam factories’ in Thailand and other less developed countries with near zero internet regulation, who train people as young as 17 to deceive people through extremely dark methods. Some of these include catfishing and blackmailing with sensitive personal videos and information. Many of these factories are also the subject of harrowing stories of cyber-slavery – where people are trafficked or hired under false pretenses into an abusive system and forced to perform these scams.

With a 20 percent rise in cybercrime since 2023 and increasingly advanced methods, it’s more important than ever to be vigilant online. You truly can never be too safe, and it is clear that these scams are indiscriminate in their malice. It is equally clear that more needs to be done internationally to prevent the scams happening in the first place, such as regulations on internet use and humanitarian causes to stop the industrialisation of this exploitation.

It is also vital to understand that anyone can fall victim to a scam, regardless of how tech-savvy they are. This will not only keep people alert to possible scams, but will reduce the stigma around being a victim, ensuring people feel comfortable to share their stories, enabling everyone else to learn about new forms of scams that they may have fallen for, had they remained a secret.

Featured image: Wikimedia Commons/B_A