The Mindset of Scammers: Psychology of A Scammer

Niek Dekker

Following the massive Optus data breach, the personal information of millions of Australians could now be up for sale to the highest bidder. We are going to see an unprecedented range of finance and accounting scams in the coming months. The tactics, psychological techniques and procedures scammers use to defraud organisations will be limited only by their imaginations.

Many organisations already implement cyber security training for their staff. Ensuring staff have an understanding of phishing, the importance of strong passwords, and the need for Multi-Factor Authentication is really important. However, it is inadequate.

Scammers play sophisticated psychological tricks to fool people. Unless staff are able to get into the mindset of scammers, they will always be vulnerable to trickery and deception.

This is particularly true for accounts payable (AP) staff, who are all too often targeted by scammers due to their ability to access an organisation’s finances and bank accounts.

It’s Not Just Foolish People That Get Scammed

The first myth that absolutely must be dispelled is that only foolish people get scammed.

This is a really dangerous misconception. After all, nobody likes to think of themselves as foolish. If people believe that only foolish people fall for scams, they may assume that they could never be deceived. This could then lead to dangerous complacency – ironically making them more likely to become scam victims.

It’s important to have open and transparent communications in your organisation about scams. Those who are victims should not be made to feel ashamed or foolish. Everyone should be able to speak openly about any instances when they have been targeted, so we can all learn from each other’s experiences.

Consider setting time aside on a regular basis for your AP team to discuss and learn about real-world scams. Your team could either share their personal experiences, discuss scam news they may have come across in the media, or watch videos, such as Zoom to Doom, which takes a deep dive into how one leading Australian hedge fund was scammed out of millions of dollars.

Being Trusting and Agreeable May Put You at Risk

We know that a person’s level of intelligence has no bearing on whether they will be scammed. So, what character traits may point to a person being more susceptible to scams?

It appears that those of us who are trusting and agreeable may be more prone to falling victim to a scammer.

Many times, a scammer will attempt to win the trust of a potential victim by impersonating a known, trusted figure, such as their AP manager, or their organisation’s CFO. Often, agreeable staff will act swiftly to fulfil any requests they receive from a trusted authority figure.

Whilst acting swiftly may be good for productivity, it may not be good for security. Processes need to be in place that ensure staff verify any instructions or requests they receive before complying with them, particularly when those instructions or requests involve money.

The 6 Psychological Tricks Scammers Most Commonly Use

Whilst scammers are always inventive, there are six main types of tricks they use to scam people:

  1. Urgency: Scammers will seek to deceive their victims into acting quickly before they have time to think rationally about the activities they are undertaking. AP managers should implement processes that require staff to slow down and double-check any actions they take involving money. This will give your AP staff time to carefully consider whether they are being deceived into taking actions that are part of an elaborate scam.
  2. Trust in Authority: By instinct, most AP staff are inclined to trust people in authority, whether that’s their CFO or AP manager. Scammers know this and routinely seek to impersonate people in authority as a way to persuade AP staff to take certain actions they would not normally take. AP managers should implement processes that require their teams to double-check any actions they are taking involving money to ensure they are legitimate, even if staff are following “instructions” from managers.
  3. Herd Principle: Many people have a tendency to act like those around them. The risk is that one person in your AP team may have been deceived by a scammer into taking certain actions, which may result in other members of your AP team also being deceived by the scammer.
  4. Distraction: Scammers routinely distract their victims, making them more likely to fall for a scam. They may distract people with requests that don’t involve money, so AP staff become more trusting. Once trust is established, they then proceed to deceive the victim into taking an action that involves money.
  5. Innate Greed: Unfortunately, there will always be some individuals who have an innate tendency to be greedy. Scammers look for these opportunities, particularly in AP teams. For example, they may persuade an AP staffer to approve inflated invoices in exchange for a kickback. All AP managers should ensure independent external auditing takes place on a regular basis to reduce such risks.
  6. Desire to Help: Most AP staff are well-meaning and will be inclined to help out others wherever possible. Whilst this is an admirable character trait, it may make them susceptible to those who take advantage of their innate helpfulness by persuading them to do certain things they normally wouldn’t. Over email or other communications technologies, scammers may impersonate a manager, colleague, supplier or customer, in order to request help. The “help” may involve the AP staffer taking actions that are part of an elaborate scam.

With comprehensive policies and procedures, robust internal controls, segregation of duties and regular auditing, CFOs and AP managers can protect their organisations from most of the tricks scammers use.

However, scammers are always ingenious. They continuously look for new ways to deceive people. Is it fair to expect your AP staff to always be on the lookout for scammers? This can contribute to heightened levels of stress and reduced productivity.

Only an automated system for detecting red flags such as unauthorised outbound payments can offer the level of protection you need at a time when scams are increasingly duplicitous.

How Eftsure Can Help

Eftsure sits on top of your existing accounting processes. Each time an outgoing payment is being processed, the transaction details will be cross-matched in real time against the Eftsure proprietary database.

Our database, comprising over 90% of actively trading Australian corporate entities, aggregates data from many thousands of independent data sources. This gives you the assurance that the funds you are transferring are legitimate and have not been manipulated in any way by sophisticated scammers.

At a time when all Australians need to be on heightened alert to the risks of scams, there’s never been a more important time to use every tool at your disposal to stay protected.

Contact us today to make Eftsure an integral weapon in your armoury against scammers.
