by ThinkCyber | Reading time: 6 minutes
In the vast realm of cyberspace, a world filled with opportunities and pitfalls, one young woman's story is a testament to the power of cybersecurity awareness. It all began with an unsolicited message, an invitation that seemed too good to be true.
Meet Claire, an ordinary woman navigating her way through the digital age. She was minding her own business, watching reels on Instagram, when an intriguing message popped up in her inbox, promising wealth beyond imagination. The sender, who went by the name "Bernard James", claimed to be a wealthy sugar daddy, offering thousands of pounds to Claire in exchange for her companionship.
At first glance, the offer seemed irresistible. Who wouldn't be tempted by the promise of financial security and luxury gifts? But Claire knew how to spot an online scam, and instead of immediately declining the offer or falling into the trap, she decided to have a little fun of her own.
Let’s hear from Claire:
“For three days straight, I engaged in a virtual game of cat-and-mouse with someone called Bernard James. Throughout the entire ordeal, I was extremely careful to protect my sensitive data. Bernard kept up the act of a wealthy and glamorous individual, showering me with compliments about my appearance. However, I remained vigilant and continued to gather important details about him in the background.
At first, Bernard attempted to win me over with compliments, asking for photos and making me feel special. However, the fact that the interaction was taking place on Instagram was a clear giveaway that something was not right; a legitimate person would have been able to see my previous photos on my profile and realise that the photos I was sending them did not belong to me.”
“Bernard seemed to ignore this detail and continued his charade regardless. To keep up the "game", when he started to talk about money and offered me financial stability, I accepted the proposal right away.”
"After some time, Bernard began to open up and connect with me on a personal level. He showed vulnerability and shared more about himself, with the intention of making me feel sorry for him.
However, when I replied with a nonsensical answer about cars, Bernard seemed to ignore it. This was the second indication that he probably wasn't reading my messages. It made me wonder if he was really that desperate for attention.”
"In another episode of this 3-day endeavour, Bernard tried to maintain a special status by giving me orders like “You must not argue with me!” or “Ask for my permission before giving out my info”; clearly here Bernard is trying to make sure I keep this relationship a secret. A third person could recognise this scam and advise me otherwise.”
“Finally, after three days, I thought that I had enough fun and I wasted enough of my (and his) time. I decided to go straight to the point and asked Bernard for the promised money. At this point, Bernard asked for my PayPal information and tried to move the conversation to a messaging app, in this case, Telegram."
"This gave me one more chance to mock him with a silly joke and when he finally gave up, he started calling me a scammer.”
There are several reasons why scams like the one mentioned above can be successful. Although the example provided may not be the most elaborate, it still exploits common cognitive biases and heuristics that scammers often use to deceive their victims.
As practitioners, we can share the following tips with people in our organisation when we deliver awareness training:
With Security Awareness Month coming to an end, Claire's story serves as a reminder of the importance of cyber education and training in the digital age. While her tale was entertaining, it also showcased the very real dangers that lurk in the online world. By staying vigilant, trusting her instincts, and practising good cybersecurity hygiene, Claire was able to turn the tables on a potential scammer and protect herself from harm.
As practitioners. we can use stories like Claire’s to help people understand that these threats are real, and can happen to them too. Using real examples, our content gets more engaging and easier to digest for our users.
ThinkCyber has created content about romance scams and more that Redflags® can help you deliver directly to people's devices; short and engaging stories that break the barrier to engagement delivering an 80-90% engagement rate without chasing or incentivising.