Summary
The article discusses 6 personality traits that make people more vulnerable to phishing scams. These traits are:
-
Extroverted: Extroverts tend to be more trusting and less suspicious of others, which makes them more likely to fall for phishing scams.
-
Agreeable: Agreeable people are more likely to be empathetic and want to help others, which can make them more vulnerable to phishing scams that appeal to their emotions.
-
People-pleasing: People-pleasers are more likely to go out of their way to help others, even if it means putting themselves at risk. This can make them more susceptible to phishing scams that demand urgent action.
-
Quick to trust: People who are quick to trust others are more likely to fall for phishing scams, even if the message seems suspicious.
-
Fear of or respect for authority: People who have a strong fear of or respect for authority figures are more likely to be fooled by phishing scams that pose as authority figures.
-
Poor self-control: People with poor self-control are more likely to act impulsively, which can make them more vulnerable to phishing scams that demand immediate action.
The article also provides tips for staying safe from phishing scams, such as:
-
Pause before responding to any suspicious message. Don’t click on any links or open any attachments in a message unless you are sure it is from a legitimate source.
-
Investigate the source of the message. Look for misspellings or grammatical errors in the message, which can be a sign of a scam.
-
Think carefully before reacting to the message. Don’t feel pressured to act immediately. Take some time to research the company or organization that the message claims to be from.
The key trait here is #4, being quick to trust. Everything else is circumstantial and depends on the phishing attempt.
Other hints that the text could provide:
Nigerian prince isn’t phishing.
It’s just a scam, at least the ones I’ve seen.
Definition of phishing:
Here’s a better example then:
Same deal - why would the bank contact you, and why by email? And why websearching this “trustedbank” shows mostly results with a similar but never identical name?
That said scam and phishing work rather similarly: both prompt you to act against your interests, to the benefit of someone else (who claims to be a third party), offering you either a reward for action or a punishment for inaction. The same scepticism that saves you from one will also save you from another.
Not disagreeing, but the article/study seemed only to be interested in phishing, as a subtype of scamming. Only reason I bothered to mention it.
There are different tactics involved in the Nigerian prince example than in most phishing attempts.
The Nigerian prince scam assumes you are a complete idiot, while most phishing attacks disguise themselves as legitimate stuff and often try to instill a sense of urgency, hoping that you act without having time to stop and think things over.
Package related scams are for instance more common around seasons where people order lots of packages, increasing chances of hitting someone who’s waiting for a package.
I will say that a good scammer will circumvent a lot of the “earning trust” stage.
Through social engineering or just sheer luck, they will catch you at a time when your guard is down and they will manipulate a sense of urgency.
Instantly hits on an emotional pressure point. Adds a huge sense of urgency, with good reasons for an untrusted number and a dodgy payment method, and makes it seem difficult to corroborate with the mom’s kid.
Another hugely stressful scenario. Massive sense of urgency with a disastrous deadline.
People don’t buy houses every day, and may not be fully aware of the process. They might take this as an unexpected but legit part of the process.
Obviously, this requires significant social engineering to set the scam up in the first place (knowing someone is buying a house and roughly when). But the payout can be significant.
The biggest piece of advice I can give is:
If someone is applying a sense of urgency on any decision: STOP.
Take a breather, think about the scenario. And then contact “the person/company” via another way through means you research yourself.
If it’s on the phone, ask for a case number, Google the company and phone them directly. By text or email, same thing. Find their phone number via Google.
If it is legitimate, an extra 30m isn’t going to harm anything. Especially if you say “sorry about that, I wasn’t sure if it was a scam or not”.