Scams work.

…and it’s probably your fault.

Scams. They’ve been around as long as there have been clever people (lazy, evil, shitty, clever people.)

Patsies (a.k.a. suckers.) They’ve been around as long as there have been scams.

Like I said, it’s probably your fault.

Do you believe that there are good people in the world? Are you the kind of person that likes to help others? Well, SHAME ON YOU. You good people are ruining the internet for the rest of us.

OK… maybe it isn’t your fault exactly. Bad people prey on good people and that’s just how that works. Maybe I’ll rephrase: If you’re a good person, but you don’t take efforts to protect yourself from bad people, well then, shame on you.

What makes scams work?

At work, we noticed a trend of customers reporting a particular scam, so I wrote a notice and posted it to our blog. This one isn’t new, but it doesn’t have to be new to work.

Scams make use of those things engrained in us. Rewards are good. Punishments are bad.

Let’s exchange things. People prey on our desire for reward. I’ll give you a thing that’s very valuable, and you give me something less valuable in return. Sounds great. You’d obviously want to jump on that, it’s how you get ahead in life! Of course, the thing I’m giving you is probably fake/stolen/otherwise not fit for trade. But you’ll find that out later.

Give me some things, or else! People prey on our fear of loss. You’ll be punished very harshly if you don’t give me something valuable. Paying me will cost much less than dealing with the punishment I’m promising. That punishment is usually made up, but again, you’ll find that out later.

By the way, “later” is almost always “too late.” By the time you figure out you’ve been had, there’s very little you can do to recoup your losses.

Does the quality of the scam matter?

Obviously some scams are better than others.

You’re generally safe in your online practices, but someone in your family clicked that link and now your computer is encrypted and demanding money. Early on, you could recover from this with a bit of skill or help. Well, it’s progressed to the point that the FBI says “just pay the ransom.” That’s a good scam.

Someone you’re very distantly related to has died and left you vast sums of money. To get access to that money I’ll need you to provide me the details of your bank account and maybe a relatively small amount of money to confirm our accounts can talk to each other. (You can substitute dead relative with foreign royalty.)

Hopefully you’re confident in your sense of which one of those scams is harder to avoid. But does that make one of them less dangerous? That confidence you have is based on experiences you’ve had. Think about the very young or the somewhat old — the people who are “new” to the internet. If they received that email for the first time, can you see how it could pique their curiosity? They just might reply, or worse, they might click on the link in that email.

As I said above, a scam doesn’t need to be new to work. It only needs to be new to the target. You probably won’t fall for it the second time. It’s that first time that really matters.

“I’ve just been mugged, my mother’s in the hospital, and my leg’s off. Can you please give me $5?”

To be clear here, I’m not saying that charity is scam. I’m not saying you can’t give change when someone asks. I’m saying that you have very little ability to differentiate between the legitimate request and the scam.

A scam doesn’t need to promise riches. It doesn’t need to be extremely complex to avoid detection. It just needs to work.

Whether or not a scam will work depends on the person being targeted, but these days it seems like there’s one for each of us.

How do you go about protecting yourself?

Prevention is worth... well, at least as much as they’re asking for, sometimes more.

You may notice a recurring theme in my posts. Common sense. It’s one of the greatest tools we have, but one that is frequently overlooked and under utilized.

Does something seem too good to be true? It is.

Does it seem odd to you that the FBI is coming to get you, when you’ve done nothing wrong and maybe you’re not even American? It is.

That little itch, that tickling sensation in the back of your mind, that’s your common sense telling you run the other way. Listen to it.

What’s louder than common sense? Greed. Fear. Lust. … well, just about everything. It can be really hard to hear that little voice, even when it’s screaming. Common sense may be overwhelmed by those other louder signals. Practice.

A few other things you can keep an eye out for:

Grammar and spelling! (I swear I have no affiliation with your former teachers). Most legitimate business communications will look like they were written by someone who, at a minimum, had access to basic spell and grammar checking tools. “Wut? y r u not beleeving me dat i paid fer it?”

I’m always wary of unnecessary emotional content. Sad, but true. Outpourings of emotion might be someone venting part of their life, and sometimes people do need to do that. It might be someone pulling on those heartstrings, dragging you into a trap.

A sense of urgency. People putting a rush on things could be looking to get paid out before the card they’re using gets reported as stolen. Or, maybe they are running a business, which most of us understand requires a rush on everything.

Lastly, I’ll mention what I, and so many others, have written about before. The computer security basics. Understanding good passwords and password best practices (don’t share them!), using password managers, turning on encryption everywhere you can, exercising phishing awareness (don’t click that link!) and using some form of anti-malware. These things will help prevent you from stumbling into bad situations.

tl;dr — Scams are everywhere, targeting everyone. They’re easier to avoid if you’re looking for them.