Digital Enquirer Kit: 2022 Summer Training Series
In this training series, experts in the field will provide you with skills, tools and best practices in digital security.
This article is an extension to the Data Detox guide “Too Good to Be True: Shining a light on online scams” and the 2022 webinar “A Look Inside Internet Scam Operations” (watch on PeerTube).
In the past several years, internet-enabled scams have become more insidious. You may have noticed a marked increase in the amount of phishing emails winding up in your inbox as well as calls and texts from unknown numbers. According to the Federal Trade Commission in the US, financial losses due to scams almost doubled between 2020 and 2022 (source). As technology advances and skills and resources are becoming more readily available, scammers are able to create more believable and difficult to detect websites, emails, social media profiles, and other tools to help them carry out their schemes. In this article, we will expose internet scam operations by exploring types of scams that you are likely to come across which will hopefully build your resiliency. But before that, we’d like to paint a picture of how deeply-rooted scams have been in the zeitgeist for generations…
Inheriting Scams as a Generational Heirloom
Imagine this: Rummaging around a box of family heirlooms one day, you chance upon a yellowed letter dated 1789 and addressed to a long-gone relative. The letter spins an elaborate tale of fortune and misfortune, in which an assistant to an aristocrat was forced to hide his gold and diamonds in the countryside to avoid capture from hostile military forces. When returning to retrieve the stowed fortune, he was apprehended and arrested for resembling a wanted fugitive. To make matters worse, he didn’t have any identification documents on him.
According to the letter, a treasure map was hidden in a false bottom of his suitcase, which he can dispatch to your relative. The only hitch, as it were, is that he was forced to sell his suitcase to a prison guard, and so all your relative had to do was send a comparatively small sum to the letter writer, so that they may buy back their suitcase from the prison guard, and in turn send them the concealed treasure map.
You chuckle, reading the letter, and hope that your relative never actually sent money for the suitcase that would surely never arrive.
* * *
A week later, you receive an out-of-the-blue email from someone who claims to be a person of “substantial means,” currently in the infirmary in a distant country, unable to travel owing to COVID. The email says they happen to have substantial funds stored in a bank in your area, but they are currently unable to access them.
If you could only help them access their funds to pay for medical expenses, you could keep a portion for your trouble. The only hitch is that they looked into the international money transfer, and a certain comparatively small percentage will be required upfront, which the email writer cannot presently afford, so could you do them the kindness of paying these initial transfer fees, which you can then compensate yourself for by taking the fees from the writer's account...
The advance-fee fraud has existed for more than 200 years, with scammers adapting the particular elements to leverage current social trends. The underlying mechanics of the scam, however, have fundamentally remained unchanged: the lure is the promise of a substantial future reward in exchange for a comparatively small upfront payment. The reward never comes, while the scammer pockets the money paid upfront.
A scam, swindle, or con is essentially a confidence trick. That is to say, the underlying objective of a scam is to trick you into having undue confidence in what someone says or does, based on deceptive or untrue pretenses. For instance, if a scammer contacts you and pretends to be your bank representative, then they are effectively trying to trick you into having confidence that it’s safe to tell them your private information, as they are ostensibly from your bank.
Specifically, scammers are typically after something you have that is desirable to them, which may be your money, your possessions, or even just information. Although the number of methods scammers use is quite vast, in general scams follow predictable blueprints. Once you learn the three common structures of scams, you'll be able to spot scammers, and help others do the same.
Scammers may try to lure you into their con by posing the enticing prospect of a vast future reward, as long as you make a minimal payment up front. For instance, a scammer may say that they'll share a percentage of their millionaire inheritance with you, provided you help them with some comparatively paltry international transfer fees. The scammer may even reference current economic turmoil in a particular country, plucked from news headlines—scammers often reference current events in attempts to make old scams stay relevant.
Another variation of a ‘give a little now, get a lot later’ scam flips the script: instead of you first giving the scammer a comparatively small sum, it is the scammer who instead gives you a gift or a small amount of funds preemptively, with the expectation that you’ll then give the scammer much more in return.
For instance, in an investment scam, a scammer may promise you a large return on your investment, and may say that they’ll allow you to make a small investment with them (much smaller than they typically allow their clients to make), to test the waters. If you invest a handful of money, the scammer may then put back an amount that’s 150% of your investment, showing you the prospect of large returns. When you then invest a much larger amount, expecting a similar percentage of returns, the scammer strings you along for as long as possible before ultimately absconding with your money.
A modern variant of this type of scam involves the scammer setting up a fake cryptocurrency exchange website, and then contacting you out of the blue to notify you that your account has some money in this exchange. Once you log in, it appears you do indeed have funds in the account. If you try withdrawing the funds, you receive a notification that you can only withdraw a tiny percentage of the funds, in order to verify your account. The small withdrawal works, and so you then try to withdraw the rest of the funds. At this point, the website informs you that you’re a bit below the minimum full withdrawal amount, and you need to add more money before you can withdraw the full amount. Once you do so, and then attempt to withdraw the full amount, the website greets you with a temporary error and tells you to try again later. The scammer has by now absconded with your deposit.
Scammers often offer goods and services at a steep discount. For instance, they may sell electronics, medicine, or tickets to popular events for a fraction of the retail cost. The scammer always has some excuse to explain away the low cost—it's a result of an overstock, or they just urgently need money quickly to cover medical expenses—and may attempt to offer various proofs of authenticity, for instance showing doctored receipts or certificates.
When you buy the item, you invariably discover that it doesn't work; for instance, the concert ticket doesn't scan when you take it to the venue, or when you look inside the suspiciously cheap computer you bought, you find that it's empty or full of junk parts.
Note, however, that something being priced suspiciously low is not the only indicator of a potential swindle. Sophisticated scammers are aware of the fact that savvy consumers may be suspicious of too-good-to-be-true deals, and so may instead price their fraudulent wares at low, but not extravagantly low prices. Instead of focusing solely on the price of a good or service, check the reputation of the purported vendor—have they had complaints lodged against them, have people you know and trust had good experiences with them? Be cautious, however, of false reviews, as scammers can purchase or otherwise scam positive reviews on popular websites.
While the previous two types of scams typically appeal to people’s desires to strike a good deal, a third tier of scams preys on our predilection to serve the public good. Scammers may fraudulently claim to represent charities—either real or fictitious—or claim that they're members of law enforcement and ask you to help in an investigation.
For example, in a convoluted 'courier scam', a scammer may call you and claim that they're conducting a police investigation at your local bank, and need you to withdraw funds to help them test if the bills are counterfeit. After you withdraw your money, the scammer asks you to read out the serial numbers on the bills. The scammer then claims that based on the serial numbers, they are able to tell that the bills are indeed counterfeit and that the police will promptly dispatch a courier to your home to collect the cash you withdrew (they may make further mention of the fact that you will be compensated for the amount you withdrew by the bank at the end of the investigation, and hand you a phony claims receipt).
No matter what form a scam takes, all scams ultimately ask you to provide something, whether it is money, goods or services, or information. Always be cautious of requests for any of these things from you, which may come from strangers, or scammers posing as officials, or friends or relatives. Keep in mind that scammers are often some of the first adopters of new technologies, leveraging the public’s unfamiliarity with the emerging technologies to perpetuate their frauds. For instance, scammers have already used AI-generated voices to impersonate relatives when calling people to ask for money.
Though the underlying mechanics of a scam typically remain the same, scammers are always tweaking their operations to leverage new technologies and exploit current events. Furthermore, disinformation and scams can go hand-in-hand. In the wake of natural disasters, pandemics, war, and civil unrest, disinformation can be used as a vehicle for promoting scams, such as those reported during the COVID-19 pandemic (listen to this explored in an NPR discussion here).
The connection between scams and spam (which are typically communications from out-of-the-blue sources, some of which may be fraudulent) is also important. Normalizing spam can desensitize individuals and make them more susceptible to falling for scams. Depending on where you live, there are some institutional bodies put in place to avoid unwanted or harassing calls. In Germany, residents can file a complaint with the Bundesnetzagentur if they’ve received any manner of disruptive calls and SMS spam messages such as unauthorized telephone solicitations. (How effective that complaint is may vary from case to case.)
You can be alerted to the latest scams by following sources like:
There are also many great resources online that train individuals on how to spot scams and protect themselves against them. We’ve rounded up just a few international resources below:
Tactical Tech also has several resources which can help you build resilience including:
No matter where you fall on the spectrum of digital and media literacy, it’s important to recognize that anyone can be susceptible to scams, regardless of age (here you can find statistics about young people falling for scams). But with that said, some demographics, such as older adults, may be targeted more devastatingly by scammers. Keeping the dialogue open between friends and family as well as staying more vigilant are two strategies that may help prevent you from falling for a scam.
Written by Nikita Mazurov and Safa Ghnaim in Spring 2023. Thanks to Christy Lange and Louise Hisayasu for their edits, comments, and reviews.
In this training series, experts in the field will provide you with skills, tools and best practices in digital security.
A new Data Detox Kit guide, adapted from content from our Digital Enquirer Kit, explains how to avoid falling for tricky URLs.
The Glass Room presents Capsule 1.0, a quarterly showcase of digital objects - old and new - from previous Community Edition series, independent investigations and collaborations. This first capsule explores how our phone numbers, face prints and personal data travel from our smartphones to different third-party organisations.