Decoding the Anatomy of Scams: How They Work and How To Spot Them
Scams are a growing concern for banks and fraud fighters.
Due to their increasing sophistication, scams are difficult to detect for both victims and anti-fraud systems. What strategies and psychological techniques do scammers employ? Let’s delve into the insights shared at the recent ThreatMark Fraud Summit.
Urgency, authority, and trust: Three elements of a scam
Online scammers use universal strategies that exploit human psychology, explained Zuzana Juráneková, a professional counselor and head of crisis intervention centers at IPČKO, at the Czech & Slovak Fraud Summit. Regardless of the type of scam (investment, romance, AI-driven, or other), the cornerstone is of a successful scam is the induction of fear, urgency, or time pressure, usually through social engineering. This deprives the victim of the opportunity to think rationally about the legitimacy of the scammer’s demands. Once the victim’s stress overrides rational thinking, the attacker has overcome the most difficult part of the scam.
Another key aspect of online fraud psychology is the creation of emotional bonds and trust. Fraudsters often simulate authentic relationships, showing care and willingness to help in difficult situations. By portraying authority (e.g., impersonating police officers or bankers), they increase the victim’s vulnerability. This perceived attachment allows attackers to manipulate victims more effectively and easily convince them to send money or divulge personal information.
Tailor-made manipulations
Exploiting urgency, authority, and trust are the basic mechanisms of scams. However, the tactics vary depending on the victim. For young men, scammers often exploit sexual desire. Most attacks on this group have a sexual subtext. Scammers pose as attractive women and lure intimate photographs from their victims, along with money or sensitive information. This leads to subsequent sextortion, where scammers demand a hefty ransom (usually starting at €3,000) under threat of sharing the pictures publicly. Women are often targeted by romantic scammers, typically using narratives of soldiers stranded in foreign countries, oil rig tycoons, traveling business executives, and others.
In the case of personalized attacks on the elderly, scammers exploit their sense of responsibility and fear for others. The grandparent scam typically involves a fraudulent phone call claiming that a grandchild is in trouble (e.g., involved in a car accident) and needs money to avoid legal consequences. Seniors also generally have more trust in communications via digital channels than other demographics.
Furthermore, scammers cleverly exploit weaknesses that people—often inadvertently—reveal. They take advantage of their victims’ unfulfilled needs for attention, understanding, empathy, and love. Specific circumstances like loneliness also play a role. Among the relatively trivial but effective tactics used by scammers is asking about one’s favorite color. If the victim likes green, the scammer will start sending messages with green hearts. Despite varied tactics, the goal remains the same: to build the strongest possible relationship with the victim and establish rock-solid trust in the attacker.
False, but convincing evidence
In a wide range of impersonation scams, fraudsters usually have a vast array of documents, certificates, and seemingly authentic references to gain the trust of their victims. They are very skillful speakers and have a ready answer to all possible objections and questions. Initially, they provide the victim with information that is actually true and verifiable to gain their trust and secure their future cooperation (known as pretexting). The key strategy of the scammers is then the aforementioned psychological manipulation. The combination of these factors makes their strategies extremely effective and dangerous.
Who is behind the scams?
Ondřej Kapr from the Police of the Czech Republic confirmed at the ThreatMark Fraud Summit that the incidence of impersonation fraud with fake bankers and investment advisors is increasing significantly. Scammers in these cases are very cunning and adaptable—they change their sophisticated manipulations over time. Scam scenarios suggest advanced organization by the attackers, as certain fraudulent series in cyberspace follow a particular template. The sophistication of criminals is confirmed by the evidence of the Czech Police. In almost all cases in this region of Europe, these are very well-organized groups, mostly citizens of Russia and Ukraine.
How can banks protect their customers from scams?
While awareness campaigns are a useful addition to banks’ preventative strategies, a key element in combating fraud is a state-of-the-art detection system. As scams often lead legitimate customers to make seemingly legitimate transactions directly to fraudsters’ accounts, legacy systems based on detecting external threats and unauthorized payments are losing efficiency.
To detect sophisticated scams and social engineering schemes, a holistic approach is needed to monitor a wide range of signals. This includes:
- Instant payment risk scoring: In vishing attacks, scammers often deploy high-priority transactions. Carefully examining the priority attribute of a payment can help reveal scams.
- Active phone call: Social engineering tactics often include actively manipulating victims into sending money immediately, often talking the victim through the transaction process. An active phone call can thus be a signal of a scam in process.
- Abnormal payment: Fraudulent payments can often be revealed by analyzing payment amount, time, frequency, and beneficiary.
- Remote access tools (RAT) in use: Hijacking a legitimate banking session by using RAT is another frequent tactic that can be revealed by analyzing mouse movements, keystrokes, and other behavioral patterns.
- Payment tampering: Payment tampering fraud happens when someone intervenes with the payment process to divert funds, alter payment information, or manipulate transaction data. Discrepancies between payment details can reveal tampering.
- Anomalies in mobile biometry: Observing each user’s unique patterns of how they use a device during previous sessions, mobile behavioral biometry can be used for continuous user verification.
Leveraging behavioral intelligence
ThreatMark’s behavioral intelligence can monitor all the factors listed above. Combining transaction risk analysis, threat detection, and user behavior profiling capabilities in one integrated platform, ThreatMark’s Behavioral Intelligence Platform is the world’s first full-stack fraud prevention solution based on behavioral intelligence.
Why is the Behavioral Intelligence Platform particularly effective against modern-day scams? It augments behavioral markers with user-specific information, including location, device, time and date, navigation patterns, and transaction behavior. Combined, these deliver the best contextual value, resulting in fewer falsely rejected users and transactions while mitigating risk with precision. This approach also makes the platform future-proof against emerging scam tactics.
ThreatMark also uses the latest AI methodology to track attackers’ activities in real-time throughout the entire attack lifecycle. By successfully identifying where and how the fraud occurred, ThreatMark disrupts the fraud infrastructure and crime ring operations targeting other banking customers. This approach significantly reduces fraud losses and has long-lasting effects.