Why People Fall for Scams

Scammers use a variety of tried-and-true tactics to trick people, according to André Lameiras at ESET. For example, they can easily find open-source information about people on the internet and use this to craft targeted attacks.

“Some scammers will use all available and seemingly harmless data about you to their advantage, watching your every move online, typically on social media, in order to eventually exploit your digital footprint,” Lameiras says. “Unless you’re careful, the more you interact online, the higher the odds that they’ll know a lot about you – ultimately, they may have an easier time duping you.”

Scammers also know that people are more likely to fall for scams that appear to come from people in positions of authority, such as law enforcement. In targeted attacks, the scammers often pose as the user’s boss or an executive at their organization.

“People tend to trust those in positions of authority,” Lameiras says. “Fraudsters often impersonate people who hold some kind of expertise: a government worker, a lawyer, a company executive or an expert in a specific field. These are all people we were taught to trust. Scammers will try to look official and use the names of companies or organizations you might recognize.”

Additionally, scammers often use phony sob stories or pleas for help to take advantage of their victims’ sympathy.

“Ploys that involve requests for help create empathy with the scammer or with the people who the fraudster claims to represent,” ESET says. “For example, narratives of personal tragedies or public emergencies remain effective. Even if in the back of your mind you know it might not be true, you are still inclined to help ‘just in case.’ Scammers realize that people want to feel useful.”

New-school security awareness training can teach your employees to recognize social engineering tactics so they can avoid falling for scams.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
