Scam mailshots and emails pretending to be linked to the World Cup in Qatar are the latest big-ticket phishing scams to hit the headlines.
According to the BBC, one group of scammers is sending direct mailshots claiming that there is a huge win on a lottery associated with the World Cup, and asking people to send money to claim their prize.
There are also the usual fake ticket sale scams, merchandising scams and even fake emails from sponsors.
These mailshots, emails, texts and messages are all designed to do one thing – scam you out of money or personal details. And while it might not seem like something that could affect your business, if a criminal gets access to your details, your phone or your laptop – even through an approach on your personal device – they can easily steal other important information. That could leave your business vulnerable.
Why do they work so well?
What is it about these scams – known as phishing scams – that means they work so well?
One reason is that they play on a combination of current events and our own darn curiosity.
Humans are naturally curious creatures. When our brains are exposed to certain stimuli, our reward circuits are activated. This part of our brain controls how the things we want to obtain are evaluated and processed.
What actually happens? Well, dopamine is released during pleasurable experiences, like the reward we get when we satisfy our curiosity. You may have heard of dopamine: it is a neurotransmitter involved in encoding the memories associated with a reward, such as understanding how to achieve the experience again. It is also released by stimulants like alcohol, cocaine or nicotine. You can see how powerful this can be.
Once activated, our brain encourages us to look for those rewarding experiences – historically things like food, money or shelter. Today, we are stimulated just as much by access to information, the opportunity to share how clever we are, or the promise of something that’s ‘too good to be true’.
This was highlighted in an fMRI study in 2009, which found that basic trivia questions lit up reward circuits. In fact, Colin F. Camerer, director of the California Institute of Technology's Center for Social and Decision Neuroscience, and an author of the fMRI study, said: “Even if information does not have any immediate value, the brain has a general hunger for just knowing for the sake of knowing.”
So, essentially, curiosity is the anticipation of a reward. ‘What will I get if I click this link?’ ‘What if this is genuine and I miss out on a prize?’ ‘What harm can it do to open the attachment and see if I’ve won?’
Which, of course, is exactly what the criminals want you to do. They build hacking campaigns that mix curiosity with a context we might be interested in. At the moment, it’s the World Cup and in a few weeks it will be post-Christmas sales. A couple of years ago it was Covid, when Google reported phishing emails increased 600% in the first two months of the pandemic.
Criminals will home in on whatever current issue they think people are paying attention to. They build on people’s fear of missing out, add a dash of curiosity and sit back and wait for the money to roll in. And it does.
How can you protect yourself?
Always take a proactive approach. If you’re not expecting the communication, or it’s from someone you’ve never heard from before, be very cautious. And if it’s from a brand or a contact address you have seen before, don’t assume it’s legitimate. Always hover over links, check email addresses and go to websites from your browser rather than click a button or open an attachment.
And never, ever send money or data because you’re ‘curious’. Not only does curiosity kill caution, it can also empty your bank account, put your business at risk and ruin your day.
I regularly speak on how we can understand the way hackers work, and how we can use psychology to beat them.
If you’d like to know more about the psychology of phishing, how to spot the tricks, and why it continues to be so successful, you can book me to speak to your group or at your event. If you’d like to chat about using Psybersafe in your business to help you stay cyber secure, contact us today.
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help you stay cyber secure, contact Mark today.