Do You Wanna Be My Sugar Baby? A Tale of Cybersecurity Savvy



In the vast realm of cyberspace, a world filled with opportunities and pitfalls, one young woman's story is a testament to the power of cybersecurity awareness. It all began with an unsolicited message, an invitation that seemed too good to be true.


Claire’s story

Meet Claire, an ordinary woman navigating her way through the digital age. She was minding her own business, watching reels on Instagram, when an intriguing message popped up in her inbox, promising wealth beyond imagination. The sender, who went by the name "Bernard James", claimed to be a wealthy sugar daddy, offering thousands of pounds to Claire in exchange for her companionship.

At first glance, the offer seemed irresistible. Who wouldn't be tempted by the promise of financial security and luxury gifts? But Claire knew how to spot an online scam, and instead of immediately declining the offer or falling into the trap, she decided to have a little fun of her own.

Let’s hear from Claire:


“For three days straight, I engaged in a virtual game of cat-and-mouse with someone called Bernard James. Throughout the entire ordeal, I was extremely careful to protect my sensitive data. Bernard kept up the act of a wealthy and glamorous individual, showering me with compliments about my appearance. However, I remained vigilant and continued to gather important details about him in the background.

“At first, Bernard attempted to win me over with compliments, asking for photos and making me feel special. However, the fact that the interaction was taking place on Instagram was a clear giveaway that something was not right; a legitimate person would have been able to see my previous photos on my profile and realise that the photos I was sending them did not belong to me.

“Bernard seemed to ignore this detail and continued his charade regardless. To keep up the "game", when he started to talk about money and offered me financial stability, I accepted the proposal right away.”


“After some time, Bernard began to open up and connect with me on a personal level. He showed vulnerability and shared more about himself, with the intention of making me feel sorry for him.

“However, when I replied with a nonsensical answer about cars, Bernard seemed to ignore it. This was the second indication that he probably wasn't reading my messages. It made me wonder if he was really that desperate for attention.”

“In another episode of this 3-day endeavour, Bernard tried to maintain a special status by giving me orders like ‘You must not argue with me!’ or ‘Ask for my permission before giving out my info’; clearly here Bernard is trying to make sure I keep this relationship a secret. A third person could recognise this scam and advise me otherwise.”


“Finally, after three days, I thought that I had enough fun and I wasted enough of my (and his) time. I decided to go straight to the point and asked Bernard for the promised money. At this point, Bernard asked for my PayPal information and tried to move the conversation to a messaging app, in this case, Telegram.”

“This gave me one more chance to mock him with a silly joke and when he finally gave up, he started calling me a scammer.”


The science bit

There are several reasons why scams like the one mentioned above can be successful. Although the example provided may not be the most elaborate, it still exploits common cognitive biases and heuristics that scammers often use to deceive their victims.

  • During the 3-day attempt, Bernard uses emotional manipulation, which is a very common technique used in these kinds of scams, making his victim feel sorry for him or showering them with compliments.
  • Bernard presents himself as a wealthy and glamorous individual, playing on the Halo Effect; this cognitive bias can make us believe that attractive or well-dressed people are good.
  • The scam also shows signs of Confirmation Bias, which is the tendency to interpret or favour information that aligns with our beliefs. Once the victim believes that this person has good intentions, they might tend to recall only the positive information and choose to ignore the negative.

These effects and biases tend to be stronger in emotionally charged situations like romance scams.


What can we learn from this story?

As practitioners, we can share the following tips with people in our organisation when we deliver awareness training:

  1. Trust Your Gut: When something seems too good to be true, it often is. Claire had a gut feeling that this sugar daddy offer was a scam, and she was right.
  2. Don't Share Personal Information: Claire never disclosed personal or sensitive information to the scammer throughout the interaction, excluding of course what was publicly available on Instagram.
  3. Use Caution with Financial Transactions: Bernard attempted to lure Claire into sending her PayPal information via Telegram. We should always be cautious when dealing with money matters online, even when we are receiving money rather than sending it. More about romance fraud can be found on
  4. Report Suspicious Activity: Claire ultimately reported the scam to the appropriate authorities, helping to prevent others from falling into the same trap.



With Security Awareness Month coming to an end, Claire's story serves as a reminder of the importance of cyber education and training in the digital age. While her tale was entertaining, it also showcased the very real dangers that lurk in the online world. By staying vigilant, trusting her instincts, and practising good cybersecurity hygiene, Claire was able to turn the tables on a potential scammer and protect herself from harm.


In practice

As practitioners, we can use stories like Claire’s to help people understand that these threats are real and can happen to them too. Using real examples makes our content more engaging and easier to digest for our users.

ThinkCyber has created content about romance scams and more that Redflags® can help you deliver directly to people's devices; short and engaging stories that break the barrier to engagement delivering an 80-90% engagement rate without chasing or incentivising.
