Why do we still fall for phishing scams?

Summary: Students are a prime target for online scams, from phishing to malicious sites. But why does Generation Y, which has lived with these scams for years, still fall for them?

TOPICS: Security

People lose money through online scams every day. They pay for that online degree which is just so much cheaper than actually studying for it, or can't resist wiring across money to that bank manager in Nigeria on the off chance they're truly related to the dead beneficiary.

There are some fantastic stories out there, from online dating scams to the hit-man that threatens to murder you unless you pay him.

But why do we fall for it, and then think afterwards: "I should have known better"?

The recent arrest of six men in connection with a student phishing scam worth £1 million is just another example of the rise in global cyber-crime. The scam involved sending emails to students containing fake student finance pages in order to lure them into submitting their bank details.

These pages were convincing enough that potentially thousands of students released private information into the phishing system. This allowed the scammers to gain access to the students' bank accounts -- with police reporting sums of £1,000 to £5,000 taken each time.

In response to this, the Student Loans Company (SLC), which finances students' university tuition fees, has been forced to conduct a phone campaign to warn its customers of the attempted fraud.

Last year, I applied for a job in Dubai. The job posting was placed on a trusted recruitment site, and the website address I was sent appeared perfectly legitimate. Everything seemed professional. I was offered an interview, and I accepted.

Everything seemed to be going well. The salary was excellent, and the flights were going to be paid for. The woman who interviewed me via Skype spoke English well and put me at ease about moving so far away.

It was all fine -- until I received an email from the company asking for a deposit of $400 for 'visa processing fees'.

Alarm bells rang in my head, and I took to the web to research. Within moments, the company was labelled as a scam on the genuine company's website.

The problem with e-mail is that you cannot see the person sending it to you. You don't know the location of the person, and you can't talk to them. But what is it about the written word that legitimises things to such an extent that Generation Y, having grown up with online networks, still falls for these scams?

In relation to the above student phishing scam, the most 'popular' times to release these emails coincide with student loan payments. Surprising, that.

If the scam artist is smart, they might even direct you to the legitimate website and then window-capture your information.

People trust emails more if they are from familiar sources. Given the less-than-reliable timing of these SLC payments for most students, an email stating that there was a problem and that details had been lost is often expected.

Considering Dubai, if I had been completely 'green' on working abroad, there's a real possibility I would have considered the request for visa payment legitimate and reasonable -- perhaps even parting with money in order to secure the 'job' I needed.

The phishing scams work by fulfilling a prophecy that you considered possible in the first place.

They provoke a 'gut reaction' -- one that makes you spontaneously submit the information they want. (The Student Loans Company has lost my information again? I knew it!) In fury and irritation, you click on the 'site' and hand over your details.

I would guess that few people look at the email, sit on it a few days, then go back and input their financial information. The panicky freshman student who thinks they may not be able to pay the rent is a beautifully susceptible target.

Play on emotions, threaten an account termination, and you're in.

Scammers take advantage of necessary, everyday processes. Emails are requested more than 'snail mail' in many industries. Job application forms are filled out online, and resumes are sent digitally. Is it any wonder that extended use of digital media instead of print is changing how legitimate we believe digital information is?

Next time you receive that 'urgent' Student Loans Company email, ask why they didn't call you instead. Or better, take a deep breath, have a cup of tea, and then call them.


  • I'm so cynical...

    ...I automatically delete any advertisement received by email--*especially* financial-related ones.
  • RE: Why do we still fall for phishing scams?

    Because ignorance is bliss and I know a LOT of very happy people!
  • RE: Why do we still fall for phishing scams?

    You can fool some of the people all of the time but you cannot fool all of the people some of the time.
  • RE: Why do we still fall for phishing scams?

    People still fall for these scams because they just don't pay attention to what they are doing, or they're just being greedy (looking to get that inheritance from the late wealthy oil tycoon in Nigeria). Any of those financial aid email scams (and most others for that matter) can be easily avoided by keeping one thought in mind. Legitimate businesses / organizations will not ask for bank / financial information through email. If it looks like an email from the college you attend, take the information to the financial aid office in person, or call the number you actually know for them. Most people that fall for these scams don't even stop to think for one second that it could be a scam.

    The thing with the job offer in Dubai is how they get most people. They seem legitimate enough to the point that they think you will not refuse to pay the money for fear of losing the opportunity. Maybe it's just my paranoia, but I wouldn't have just visited the site they sent me. I would have looked it up on my own to see if it was legitimate in the first place. On top of that, if a company really wanted to hire you, they wouldn't make YOU pay for the opportunity. That's what fools so many people with the secret shopper scams. There are actually secret shopper jobs, but any of them that say you need to send them money first is a scam.

    People that fall for scams like these are the reason people still say "a fool and his money are easily parted".
  • it's taken years

    but I've finally got all of my family to call me about every single email or popup or advertisement they're tempted to respond to before actually responding. And for a while I just couldn't believe they kept thinking some of this stuff was legit. They're finally getting the "skeptic" bug and the phone calls are decreasing.
  • One word answer: GREED

    Phishing scams work because people see a number and immediately start spending the money in their heads. They completely ignore basic facts, because somebody told them they are going to become millionaires overnight and without doing any work.
  • Whole new public

    In marketing of any sort - legitimate, fraudulent, or political - it's easy to think of The Public as some monolithic organization with a group memory of recent history. But there's always a new generation coming up, always someone who was missed by the last scam and didn't pay attention to how others suffered from it.
    Congratulations on catching your scammers in time. They had a sophisticated attack going, playing you along through several steps before asking for money. You did good.
    I don't remember where I first read this: "Nobody ever went broke underestimating the intelligence of the buying public."
  • RE: Why do we still fall for phishing scams?

    I've gotten spams asking for my [insert huge bank name here] account info various times. Thankfully I don't use any of the huge banks scammers pose as. Local banks are great.
    Garrett Williams
  • RE: Why do we still fall for phishing scams?

    If you did not REQUEST the email and you have never emailed them prior, delete the email. That gets rid of all unwanted, unrequested, and dangerous emails.