Why do we still fall for phishing scams?

Students are a prime target for online scams, from phishing to malicious sites. But why does the Generation Y, who lived through these scams for years, still fall for them?
Written by Charlie Osborne, Contributing Writer

People lose money through online scams every day. They pay for that online degree which is just so much cheaper than actually studying for it, or can't resist wiring across money to that bank manager in Nigeria on the off chance they're truly related to the dead beneficiary.

There are some fantastic stories out there, from online dating scams to the hit-man that threatens to murder you unless you pay him.

But why do we fall for it, and then think afterwards: "I should have known better"?

(Source: Flickr)

The recent arrest of six men in connection to a student phishing scam worth £1 million is just another example of the rise in global cyber-crime. The scam involved sending emails to students containing fake student finance pages in order to lure them into submitting their bank details.

These pages were convincing enough that potentially thousands of students released private information into the phishing system. This allowed the scammers to gain access to the students' bank accounts -- with police reporting sums of £1,000 to £5,000 taken each time.

In retaliation to this, the Student Loans Company (SLC), which finances students' university tuition fees, has been forced to conduct a phone campaign to warn their customers of the attempted fraud.

Last year, I applied for a job in Dubai. The job posting was placed on a trusted recruitment site, the website address I was sent appeared perfectly legitimate. Everything seemed professional. I was offered an interview, and I accepted.

Everything seemed to be going well. The salary was excellent, and the flights were going to be paid for. The woman who interviewed me via Skype spoke English well and put me at ease about moving so far away.

It was all fine -- until I received an email from the company asking for a deposit of $400 for 'visa processing fees'.

Alarm bells rang in my head, and I took to the web to research. Within moments, the company was labelled as a scam on the genuine company's website.

The problem with e-mail is that you cannot see the person sending it to you. You don't know the location of the person, and you can't talk to them. But what is it about written word that legitimises things to such an extent that Generation Y, having grown up with online networks, still fall for these scams?

In relation to the above student phishing scam, the most 'popular' times to release these emails coincide with student loan payments. Surprising, that.

If the scam artist is smart, they might even direct you to the legitimate website and then window-capture your information.

People trust email more if they are from familiar sources. Considering the less-than-reliable times of these SLC payments for most students, if you received an email stating there was a problem and details had been lost, these emails are often expected.

Considering Dubai, if I was completely 'green' on working abroad, there's a real possibility I would have considered the request for visa payment legitimate and reasonable -- perhaps even to parting with money in order to secure the 'job' I needed.

The phishing scams work by fulfilling a prophecy that you considered possible in the first place.

It provokes a 'gut reaction' -- to make you spontaneously submit to give the information they want. (The Student Loans Company has lost my information again? I knew it!). In fury and irritation, you click on the 'site' and hand over your details.

I would guess that few people look at the email, sit on it a few days, then go back and input their financial information. The panicky freshman student who thinks they may not be able to pay the rent is a beautifully susceptible target.

Play on emotions, threaten an account termination, and you're in.

Scammers take advantage of necessary, everyday processes. Emails are requested more than 'snail mail' in many industries. Job application forms are filled out online, and resumes are sent digitally. Is it any wonder that extended use of digital media instead of print is changing how legitimate we believe digital information is?

Next time you receive that 'urgent' Student Loans Company email, ask why they didn't call you instead. Or better, take a deep breath, have a cup of tea, and then call them.


Editorial standards