Issue link: https://maltatoday.uberflip.com/i/1473070
13 maltatoday | WEDNESDAY • 13 JULY 2022 OPINION Gareth Norris, Max Eiza & Oliver Buckley theconversation.com WE all like to think we're im- mune to scams. We scoff at emails from an unknown send- er offering us £2 million, in ex- change for our bank details. But the game has changed and con artists have developed new, chilling tactics. They are tak- ing the personal approach and scouring the internet for all the details they can find about us. Scammers are getting so good at it that even cybersecurity ex- perts are taken in. One of us (Oliver Buckley) re- calls that in 2018 he received an email from the pro-vice chancel- lor of his university. This is it, I thought. I'm final- ly getting recognition from the people at the top. Something wasn't right, though. Why was the pro-vice chancellor using his Gmail address? I asked how I could meet. He needed me to buy £800 worth of iTunes gift cards for him, and all I needed to do was scratch off the back and send him the code. Not wanting to let him down, I offered to pop down to his PA's office and lend him the £5 note I had in my wal- let. But I never heard back from him. The infamous "prince of Ni- geria" emails are falling out of fashion. Instead, scammers are scouring social media, especially business-related ones like Linke- dIn, to target people with tailored messages. The strength of a rela- tionship between two people can be measured by inspecting their posts and comments to each oth- er. In the first quarter of 2022, LinkedIn accounted for 52% of all phishing scams globally. Human tendencies Psychologists who research obedience to authority know we are more likely to respond to re- quests from people higher up in our social and professional hier- archies. And fraudsters know it too. Scammers don't need to spend much time researching corpo- rate structures. "I'm at the con- ference and my phone ran out of credit. Can you ask XXX to send me report XXX?" runs a typical scam message. Data from Google Safe Brows- ing shows there are now near- ly 75 times as many phishing sites as there are malware sites on the internet. Almost 20% of all employees are likely to click on phishing email links, and, of those, a staggering 68% go on to enter their credentials on a phishing website. Globally, email spam cons cost businesses nearly US$20 billion (£17 billion) every year. Busi- ness consultant and tax auditor BDO's research found that six out of ten mid-sized business in the UK were victims of fraud in 2020, suffering average losses of £245,000. Targets are normally chosen based on their rank, age or social status. Sometimes, spamming is part of a coordinated cyber at- tack against a specific organisa- tion so targets are selected if they work or have connections to this organisation. Fraudsters are using spam bots to engage with victims who re- spond to the initial hook email. The bot uses recent information from LinkedIn and other social media platforms to gain the vic- tim's trust and lure them into giving valuable information or transferring money. This started over the last two to three years with the addition of chatbots to websites to increase interac- tions with customers. Recent examples include the Royal Mail chatbot scam, DHL Express, and Facebook Messenger. Unfortu- nately for the public, many com- panies offer free and paid servic- es to build a chatbot. And more technical solutions are available for scammers these days to conceal their identities such as using anonymous com- munication channels or fake IP addresses. Social media is making it easier for scammers to craft believable emails called spear phishing. The data we share every day gives fraudsters clues about our lives they can use against us. It could be something as simple as some- where you recently visited or a website you use. Unlike general phishing (large numbers of spam emails) this nuanced approach exploits our tendency to attach significance to information that has some connection or for us. When we check our full inbox, we often pick out something that strikes a chord. This is referred to in psychology as the illusory correlation: seeing things as re- lated when they aren't. How to protect yourself Even if you're tempted to bait email scammers, don't. Even confirming your email address is in use can make you a target for future scams. There is also a more human element to these scams compared with the blan- ket bombing approach scam- mers have favoured for the last two decades. It's eerily intimate. One simple way to avoid being tricked is to double-check the sender's details and email head- ers. Think about the information that might be out there about you, not just about what you re- ceive and who from. If you have another means of contacting that person, do so. We should all be careful with our data. The rule of thumb is if you don't want someone to know it, then don't put it online. The more advanced technol- ogy gets, the easier it is to take a human approach. Video call technology and messaging apps bring you closer to your friends and family. But it's giving people who would do you harm a win- dow into your life. So we have to use our human defences: gut in- stinct. If something doesn't feel right, pay attention. Gareth Norris is Senior Lecturer, Department of Psychology, Aberystwyth University Max Eiza is Senior Lecturer in Computer Security, Liverpool John Moores University Oliver Buckley is Associate professor in cyber security, University of East Anglia Email scams are getting more personal – they even fool cybersecurity experts If an email is setting off alarm bells, check the sender's details