“I got scammed!!!”
“I didn’t know that he was a scammer.”
“He sounded so legit.”
“I was after the big discount.”
“It was the last item, and I didn’t want to lose it.”
Such are the words or statements that I often hear from people when they fall prey to scams particularly via online marketplace. Most of the time, people realize that they have been scammed only after they transfer money electronically and are then blocked by the supposed seller.
Others are even made to believe that they are sending money to their family members only to realize afterwards that a different person has taken over the account of such relative.
Most of the time, being scammed happens to those who are not knowledgeable about the modus operandi of scams, but sometimes, it can also happen to those who are aware and alert.
Heck, it has even happened to me when I was trying to buy an item via online marketplace. You would think that being in the anti-fraud profession and risk management world that I would not be a victim of such. Unfortunately, it can happen to the best of us.
This often begs the question of “How can such ploys be so effective?” How do they become undetectable and why do we fall for it?
A lot of scams begin with the very understanding of the nature of man, of us Filipinos.
Innately, we like bargains, we look for low prices, we go for huge discounts and we keep a look out for easy purchases. This is the fundamental mindset of most individuals which often becomes their weakness that scammers exploit. Scammers first seek to understand us so that in doing so they can also find ways on how to lure us into their traps.
So how do scammers really do this?
Let me start by introducing the principle of the “cyber kill chain” which most scammers are using nowadays.
Lockheed Martin came up with this concept after a military framework that was originally established to identify, prepare to attack, engage, and destroy the target. It has now evolved as a key tool for cybersecurity particularly against insider threats, social engineering, ransomware, and other new attacks. (Buckbee, 2023)
Steps in this kill chain includes — First, understanding the target or trying to know the target’s normal behavior and patterns.
The second step focuses on how one can do the attack after identifying weak points or vulnerabilities. The third step is to further exploitation to secure access after gaining a foothold.
Step four is to get more access and even privilege access to ensure permissions are elevated to an admin one.
Step five — once one is inside and has admin access, they can try to move within one system to another to gain more leverage. In the sixth step, they start covering their tracks so that they do not get caught.
The seventh step is more of disrupting the normal access of users and systems so that any monitoring or prevention ceases.
Lastly, the eighth and final step is getting out of the system along with whatever information or data one has acquired.
Similarly, this is how fraud happens. Fraudsters are utilizing the very same attack pattern to execute fraud.
First, they try to get to know you, make you believe and trust. Second, they try to find your weaknesses whether it be giving you a deal that is super attractive, or even acting like someone you know in the cases of messenger group account takeovers.
Then once they get a foothold, they try to exploit you more until you finally send them money. This is the time to do the sixth and seventh stages simultaneously often ending in blocking you in social media or completely deleting their account.
They then exit with the funds thereafter.
It’s funny how such a simple flow becomes effective over and over again, and even to multiple people.
It is not because we fail to see but rather because of its very design wherein it preys on our vulnerabilities. It looks at our profile and tries to understand our tendencies and behavior.
Such is social engineering, and it has proven to be a very effective tool in the cyber kill chain or in this case, the fraud kill chain.
The first step, which is understanding your target, is key for most scams to be successful.
So the next time we feel that something is not right, remember that scammers are using our tendencies to make scams successful. Awareness and education help us from becoming victims. A lot of self-knowledge and understanding goes a long way.
Like in the Art of War, let me end with this quote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”