“There’s a sucker born every minute”, a phrase often attributed to the 19th century showman P.T. Barnum, has existed in some form for many years. It predates modern technology and it even predates Mr. Barnum. Con men are people who take advantage of our default desire to trust and who know how to manipulate people into doing something that, under normal circumstances, they would know better than to do. The con might come from a travelling 19th century “doctor” selling his cure-all medicine, the now infamous Nigerian Prince scam, or a real estate investor offering you a chance-of-a-lifetime deal.
Most of us don’t fall for these scams, but if we all know these ruses, why do people still use them? Because it only takes 1 or 2 people to respond every few months to make it worthwhile for the con man. The scams of the last few years almost seem less creative than those of yesteryear, but that isn’t because the scammers aren’t as smart. It is a numbers game.
When you are a travelling snake oil salesman, travelling between small towns by horse-drawn cart, you might only have access to a few hundred people a month. Your conversion rate had better be great to bring in a decent income. In the modern era of rapid and mass communications you can buy an email list for between $150 and $350 per thousand people (legally), and there are less expensive ways to get email lists illegally.
Sometimes the new scams can be creative; just last month I received a new scam email. It came to my email addressed from my own email. In the email they claimed that they belonged to an international group of hackers who had hacked my email address and then used that to infect my phone, computer, tablet and any other electronic device I had that was connected to the internet.
In this email they claimed that the fact they had emailed me from my own email address was proof that they had hacked my email. They also included my password in the email, to prove that they knew it, and claimed that they had downloaded all of my contacts from my phone using this malware. They also claimed that they had monitored my internet access and had captured images of pornography I was. Their accompanying threat read “We will send these images to everyone on your contact list in 72 hours if you do not send us $800 in crypto currency to this account”.
The password they included actually was a password that I use on lower security websites, so obviously they had hacked a site to get it, though it is not the password that I use on my email. Emails are actually sent as low-security, unverified plain text, and the email “From” field, along with all the rest of the fields, can easily be filled in with anything the sender likes. An average programmer could build a spam-generating email tool in an afternoon and then fill in the email/password pairs from a hack list from some low security site.
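A receiving-side check for the forged “From” trick described above, as an added example that is not part of the original post: it reads the authentication verdicts a mail server records and flags mail that claims your own address without passing them. The server name `mx.example.com`, the addresses and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the receiving server stamps an Authentication-Results header
# (RFC 8601) under the hypothetical name below; all addresses are constructed.
TRUSTED_AUTHSERV = "mx.example.com"

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from our own server's header."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:  # a sender can add fakes
            for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
                results.setdefault(method.lower(), verdict.lower())
    return results

def assess(raw):
    """Return the reasons, if any, not to believe the message's From field."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    auth = auth_results(msg)
    reasons = [f"{m}={auth.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
               if auth.get(m) != "pass"]
    if envelope and envelope.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        reasons.append("envelope sender domain differs from From domain")
    if from_addr in rcpts and reasons:
        reasons.append("unauthenticated mail claiming the recipient's own address")
    return reasons

# Constructed sample: "from yourself", but every check failed at the server.
SPOOFED = """\
Return-Path: <bounce@bulk.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.example.net; dkim=none; dmarc=fail header.from=example.com
From: alice@example.com
To: alice@example.com
"""
# Constructed sample: a real note-to-self that passed authentication.
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice <alice@example.com>
To: alice@example.com
"""
if __name__ == "__main__":
    print(assess(SPOOFED), assess(GENUINE), sep="\n")
```

Most mail clients expose the same verdicts through a “show original” or “view headers” option, so the check can also be done by eye.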
What can the government do about this? What can we do about this?
In reality, the government has enacted as many laws and regulations as possible to safeguard us against these situations. I’m not sure loading more laws into the mix will have an impact if you cannot increase catch and conviction rates for the perpetrators, and really, how easy is it for us to prosecute someone living in a foreign nation, where these people often operate? This can only be solved by us taking precautions, both in how we trust people and how we use technology.
How can we prevent ourselves from falling victim to technology-based scams? The solutions have been listed by every technology commentator, but obviously bear listing again:
- I’ve heard it said that you should have a different password for every login. And though that would be more secure, it likely isn’t practical for most people. So, as a compromise, I suggest that you have several passwords that you use regularly: a “high security” one that you only use on your computer or e-mail, and a “low security” one that you use on all higher risk sites. That way, if a password is compromised, it is siloed and will only affect 1 group of accounts. We change the batteries in our smoke detectors annually. I suggest that at the same time you sit down and change all of your passwords.
- If you are using a WiFi router that you purchased, make sure you change the default password.
- Install a virus protection application on your computer, tablet, and phone. There are many available. These days, paid systems usually have a license that allows you to extend protection to multiple devices, and there are plenty of decent free options out there too.
- If you receive an email or text from someone you don’t know (or even someone you know that you weren’t expecting) don’t click on any links in the message.
At the end of the day, every con is based on the gullibility of the victim, regardless of what technology is being used. When something comes your way, like the “sextortion” scam I mentioned above, stop and ask yourself how likely it is to be true. Stop and think before responding to emails or clicking links. Following these precautions could save you thousands of dollars or a big headache.