Why we fall for cybercriminals – and how we can protect ourselves

The warnings have been around for many years: don’t click on links in e-mails or messages. How do criminals get us to do precisely this, time and time again? Cybercriminals do not rely on sophisticated technology alone – they primarily use psychology. Hackers know exactly what buttons they need to press to deceive us: fear, convenience, empathy, authority and curiosity.
Here are the five most important (psychological) tricks used by online fraudsters and how you can protect yourself against them.

Fear and time pressure

Nothing makes us react as impetuously as fear. Fraudsters deliberately exploit this to override our rational thinking. Fear, combined with time pressure, can become an effective tool. When we switch into alarm mode, we act instinctively. The criminals know this and use it to exploit us. With phrases, such as ‘immediately’, ‘last chance’ or ‘within 24 hours’ in e-mails, messenger texts, letters or telephone calls, they artificially generate stress.

Typical scams:

• “Last warning”
• “Unusual activity detected”
• “Your account will be closed”
• “Response required within 24 hours”

Tips on how to protect yourself:

• Banks and reputable businesses will not put you under pressure in an e-mail, text message or telephone call.
• Take your time, check the information carefully and visit the official website or call the hotline to be sure.

Convenience

Our digital lives should be as quick and convenient are possible: do a quick check, click the button, done. And it’s precisely this convenience that provides the scammers with an opportunity. Nowadays, phishing messages are often so professional that it is very difficult to tell them apart from real messages. Remember to always ‘think before you click’.

Typical scams:

• Fake delivery notifications
• Fake invoices in an attachment
• Professionally designed fake log-in sites of real providers

Tips on how to protect yourself:

• Do not click on links or call telephone numbers in messages. Go to the platform or app directly and research the information yourself.
• Type the names of websites in your browser.
• Only open attachments when you know the sender and there is no doubt it is real.

Proximity, willingness to help and empathy

Fraudsters not only exploit our fear, they also exploit our empathy, compassion and willingness to help. Particularly in the case of romance scams, fake charity campaigns or apparent emergencies, fraudsters will exploit their victim’s feelings. The perpetrators deliberately establish trust in order to emotionally manipulate their victims, thereby impairing their ability to act rationally.

Typical scams:

• Romantic acquaintances that urgently need money.
• Messages from ‘friends’ needing help with an apparent emergency.
• Appeals for donations, e.g. after natural disasters.

Tips on how to protect yourself:

• Ask questions via a different secure channel (telephone).
• Talk to relatives or friends about it, be mistrustful when it comes to giving financial help to people you don’t know.
• If you want to donate money, use the charity’s official website.

Authority

People tend to trust those in a position of authority, which is why cybercriminals pretend to be supervisors, police officers or bank employees, for example. The presumed authority conveys a sense of security, causing people to lower their guard. Victims tend to follow instructions without questioning them.

Typical scams:

• “This is company XYZ, I am calling about an unpaid invoice, please transfer the money urgently.”
• Phone calls from people claiming to be bank employees
• Fake e-mails from local authorities

Tips on how to protect yourself:

• Never reveal your TANs, passwords or codes.
• Call back only on official, known telephone numbers. Do not use the automatic call back function on your telephone, do not call numbers in messages directly.
• When asked to transfer money, always employ the dual control principle and get a second person to check it for you.

Curiosity

Prizes, big discounts or special offers pique our curiosity and raise our hopes of an unexpected windfall. These positive feelings cause us to drop our guard and we are less likely to question the legitimacy of these offers, we are quicker to click on links or reveal personal data. Cybercriminals deliberately use this concept to lure us into participating in fraudulent competitions or visiting the websites of dubious online shops or those with virus-infected offers.

Typical scams:

• Fake competitions
• Unrealistically cheap prices in online shops
• Sensational headlines or announcements that arouse curiosity and entice people to click on them.

Tips on how to protect yourself:

• Be wary of unrealistic offers.
• Always check the legal notice, reviews and domain names.
• Be sceptical of offers promising big prizes, don’t give away any personal data. In case of doubt, contact the provider via their official communication channel.