(5 min read)
Imagine being a diligent university student, successfully balancing academics with two part-time jobs, only to see your hard-earned savings vanish with a single click.
Joanna's (not her real name) harrowing experience is a stark reminder of the sophistication and cunning of today's digital scammers.
Joanna, unlike many students, was financially prudent. Her savings account was a testament to her discipline. But one Friday evening, an innocent-looking text changed everything. It was from a delivery company (supposedly!). It contained a link, which she tapped, and to receive her delivery she needed to enter her bank details, unknowingly handing them over to cyber criminals. But nothing happened.
The innocent looking text message.:
However, the plot thickened a week later. 'Gary', posing as a bank official, called her. With well-practiced finesse, he embarked on a psychological manipulation game. And by waiting a week, these events seemed totally disconnected to Joanna. To 'verify' her identity, he sent a code via text, which came from her bank. What Gary did was try to log in to her bank account, which prompts the app to send a verification code – to Joanna. She thought Gary sent the code, for her to verify her identity, making him seem like a true bank associate.
Gary spun an elaborate story of deceit: scammers had got hold of her bank account details and got into her account. She was told money was due to be taken out of her account, so she had to "reverse" everything they'd done to protect her money. He said he was setting up a new account for her and was sending a new Bank card which would arrive in the next 5 business days. To protect her money from being taken by the scammers, they would transfer the money to her new account.
In a masterstroke, Gary tricked Joanna into opening an overdraft and taking out a loan – to ‘reverse’ these transactions. He knew exactly how to instruct her to do this. By the time their conversation ended, £8,200 of Joanna's money had been routed to an unknown account, cleverly named 'Izettle Ab - 7523 GB E'.
While Joanna's ordeal is gut-wrenching, she isn't alone. The digital landscape is rife with victims, from students to high court judges and company directors. An alarming BBC report headline in October read:
“My business had £1.6 million stolen in 20 minutes”.
The financial controller of this UK-based company – a brush manufacturer - was also targeted in a similar scam. Here too the target was psychologically tricked into thinking the firm's money was at risk and manipulated into transferring the money to the thieves themselves. Through a series of transactions, £1.6 million was transferred out in a mere 20 minutes.
The common thread in these scams? The victim's unwavering trust in the scammer, stemming from the latter's impeccable timing, knowledge, and seeming authenticity.
The silver lining in Joanna's dark cloud was her bank's intervention. Recognising the gravity and sophistication of such scams, they refunded her the entire amount. But not all stories have such endings. The brush manufacturer lost all of its £1.6 million.
The lesson is clear. In our digital age, awareness and vigilance are paramount. Scammers are evolving, their tactics more refined and persuasive. It's crucial to double-check, to question, and to be sceptical, especially when money is involved.
If you want to know more, this is the BBC article: https://www.bbc.co.uk/news/business-67149919.
And if you want to know how to effectively train people to avoid this for you and your company, contact us: www.psybersafe.com/contact.
Psybersafe is not your typical e-learning but a consistent series of short (5 to 10 minute) monthly online exercises, very accessible and interactive, which have proven to be effective with a lasting impact on your staff’s security behaviours.
Stay informed, stay safe!
Sign up to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help to stay cyber secure, contact Mark today.