It can happen to any of us, and it’s important we all learn.
This is an odd admonition, but it was brought to mind by one of the cyber-security podcasts1 I listen to.
When it comes to falling for the various online scams we warn against, people tend to fall into a couple of buckets: those too ashamed to admit it happened to them and those too smug to think it ever will.
Both camps are wrong.
Become a Patron of Ask Leo! and go ad-free!
There's no need for shame
Feeling embarrassed after falling for a scam is natural, but it’s important to share your experience and learn from it. Overconfidence and smugness can make anyone more vulnerable. Admitting, sharing, and learning from these experiences helps prevent future victimization of yourself and others.
Smug superiority
The summary from the podcast segment was this:
The cybersecurity community highlights a small group with a sense of smug superiority, which is counterproductive and has become a stereotype. It’s essential to learn from stories and not fall into the trap of overconfidence.
In this episode, the podcast hosts were calling out their own. It’s unfortunately common for cyber-security professionals and techies to radiate this sense of smug superiority.
It manifests in a couple of ways: a belief that it’ll never happen to them and making fun of those who fall victim.
Neither attitude is accurate or helpful.
Related
Phishing: How to Know It When You See It
Phishing is a way scammers trick you into providing personal and financial details. Phishing opens the door to identity theft and more.It can happen to anyone
I want to stress that: anyone. Even the most experienced computer experts can fall victim to a well-crafted phishing email, an accidentally downloaded malicious file, or other things. I’ve come frighteningly close. On more than one occasion I have been one click away from being the victim.
Overconfidence makes you more vulnerable. It leads us to skip steps we shouldn’t skip and fail to take the time we should to ensure something is what it claims to be. All because “It’ll never happen to me, I know too much!”
Oh, it will. Someday, somehow, it will.
Shame is unwarranted
A common reaction when someone realizes they’ve fallen for a phishing, romance, or other scam is a feeling of stupidity. “I should have known better.”
Given the sophistication of today’s scammers, that’s not true. You’re not stupid, and you wouldn’t necessarily have known better. Yes, you might have let your guard down in a moment of weakness or distraction (two of the scammers’ most useful tools), but that doesn’t change the fact that you’re the victim here.
Unless you were grossly negligent, which most of us aren’t, it’s not your fault.
That’s important to realize because of the next step.
Please share your story
To begin with, you need to reach out to the proper authorities to make sure they’re aware of the scam. While this doesn’t guarantee any resolution or restitution, not doing so guarantees that the perpetrators will get away with it.
Then you need to take an objective look at what happened to prevent it from happening again. There are almost certainly lessons you can learn that will help you avoid this situation in the future. This is a perfect time to share your story with a trusted techie friend or family member. They’ll often see things you’ve missed.
And I can’t stress this enough: please listen to them, particularly if they’re more technologically knowledgeable than you. Don’t take their suggestions as accusations or blame (even though the more smug among them might tend to skew that way). Take it all openly and objectively as lessons learned.
Then consider telling others: your friends, acquaintances, and community — whatever makes sense for you. You don’t have to share intimate details; just the techniques used by the scammer who happened to catch you.
Do this
Learn from the experience. This might be redundant with what I’ve said so far, but again, there’s absolutely no shame in falling for a scammer’s trap as long as you learn from the experience.
“Fool me once, shame on you. Fool me twice, shame on me.”
Set aside the embarrassment, share the story, and make sure you do whatever you feel you need to do to avoid becoming a victim again.
And once you’ve had that experience, don’t turn into that smug guy who laughs at others. Not only does no one like that guy, but remember, you were there once yourself.
I won’t fool you! Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Related Video
Footnotes & References
1: Hacking Humans (Also: Exploring emerging trends in online scamming. — Host admits to falling for a scam, beginning ~21:50)
I received an email apparently from someone I knew personally, but with whom I had not corresponded by email before. Sounded like she needed my help.
At her request I bought £300 – worth of Amazon e-cards, which were sent to the email addresses she provided.
Her style was friendly and well-spelled and in good grammar.
I had tried to ring her early on, but could not get through. When I DID get through, she said her email system had been broken into, and several people had been in touch with her.
When I reviewed the whole thing I saw:
– that the email address used was very close to her own, but with the addition of one numeral, which I had not noticed.
– the tone was very friendly – as it would have been from the real person
– the style was in good English, and polite and appreciative
– the reason for her request was very feasible
There’s a major red flag in that email. You can be 99.9999999999999999999999999999% sure if the sender asks for gift cards they are a scammer.
Or cryptocurrency.
I do a lot of tech support, often looking to Ask Leo for good ways to EXPLAIN things to the… unwashed!
Thought I try not to be, I can be smug.
Well… SpaceX IFT3 rocket launch was happening a couple of weeks ago. I was watching on a favorite YouTube channel being streamed when I decided to see if the SpaceX channel was streaming something.
Well… I should have paid more attention because there was a speech being given – at “Starbase” by a very believable Elon Musk – touting a crypto promotion to “celebrate” the launch.
The deal was that if you send crypto – Bitcoin or Ethereum – to them, you could get back DOUBLE what you sent. Yeah right…
But it was really believably done so, figuring “What the heck?” I sent $42 worth of Ethereum to the advertised location. Needless to say I did NOT get $84 back.
So, what was going on? Using an ID of SpaceX they had created a YouTube channel labeled as SpaceX with the same logo. On it they were streaming a doctored loop of a real talk by Elon at Starbase with a presumably AI generated voice to match his – touting this “deal.”
It’s hard to argue that I didn’t “fall” for this. I was pretty sure it was bogus but didn’t check before I sent the trivial sum of crypto to them. Had I double checked the YouTube channel ID, it would have be clear what was happening.
I wonder how much the bastards hauled in with this, knowing that a lot of Elon “fan boys” are also crypto nuts. It was pretty clever though.
My Mom, who was about 85 at the time, almost fell for a “grandma” phone scam. You know the one I mean: if an older-sounding woman answers the phone the scammer says “hi grandma it’s me” and takes it from there. This time though the scammer said he was a friend of her nephew Eric (who really is my cousin) and Eric was in trouble and needed some help. She agreed to meet with the guy the next day. After hanging up, her “spidey sense” told her that something was amiss and she called the police. Whew! A plan was hatched.
The next day when the guy showed up, she stalled him and called the police, who showed up in a few minutes and hauled the scammer away. Yes, my 85YO Mom was part of a police sting operation! LOL
Moral of the story: if you think that something is off, get a second opinion. It may seem legit and you may want to shrug off any concerns, but ask someone you trust how they feel about it. There is no trust-but-verify. Verify FIRST, then trust.
Yay Mom!
I got a phishing email, a perfect copy of the JPM Chase website with no flaws I detected, asking confirmation of my accounts. I obliviously entered information but before I hit send, I went to the Chase website directly and discovered the email was not from Chase. I thought myself savvy but I nearly made a big mistake. It humbled me.
Yet another scam came from the email address (no errors in the address) of an 80+ year old friend from grade school asking for help with an emergency by sending a substantial amount in gift cards. Being 99% sure this was fake, I responded with test questions and got evasive answers. After attempts to notify him he was hacked, he (or the hacker) stopped responding.
Hackers are getting crafty. Good on you for side-stepping the scams!
The 85 Y/O Gramma did good to detect that scam. I’m 86 and I get scam calls and emails regularly. Retirees’ info was originally available from wide open Social Security website. Thats been fixed but those of us who retired before the website was secured had our info exposed and its still out there.
I am the last person I ever expected to be scammed & yet I was. PayPal sent me an email that several hundred dollars had just been posted against my account……if this was not me, click here. This was late at night, I was tired & never should’ve addressed this til the morning. But I didn’t wait, clicked on the link & gave out personal information. As soon as I hit enter, I just got a bad feeling……& I was right. I went to my acct & there was nothing that had been charged. I was so pissed at myself for allowing myself to do something that stupid. Beware, we can all get caught at a weak moment….
Leo, you wrote:
“I’ve come frighteningly close. On more than one occasion I have been one click away from being the victim…”
This will be astonishing news to you, Leo– particularly as it is the last thing you intended — but that’s smug.
Why? Because of the unspoken line tacked on at the end: “…But I wasn’t.”
No, you didn’t say it, but everyone who reads the first quote will automatically hear the second one follow immediately after it in his mind.
I am absolutely convinced of this, and what is more, the better your reputation is in the reader’s mind, the more surely I think he’ll hear the unspoken boast. It’s the price that comes with being the guru.
The problem with the written word. I can “hear” that being said a couple of different ways: smugly, and as an example of the fact that gurus are just as susceptible. Needless to say the latter was my intent.
Leo, thank you for this very timely reminder for us. I was very wise regarding various scams and thought I would never be fooled. Then recently, I was caught off-guard by the old ransomware scam on my personal computer. Panic overtook me and I completely fell for it. Lesson learned: being smug is a weakness. Now that all has been resolved, it is time to let others know so they hopefully will avoid making the same mistake.
Decades ago, my recently widowed mother-in-law lost $25k to telemarketers peddling foreign lottery tickets. She gave them her credit card number! When we found out (while she was in the hospital, having made herself sick with worry) and cut everything off, I began research. I wound up talking to a U.S. Postal Inspector and an officer of the RCMP – the “nest” had moved from Las Vegas to Montreal. One of them said to me, “Don’t be mad at your mom. These guys are very good at what they do.”
Please do share your story.
I received a text saying that as no one was home a parcel couldn’t be delivered and I needed to pay £1.45 for it to be delivered again. I had been expecting some parcels and just thought it was one I’d forgotten. I sent all my bank details. Next day I was called by someone claiming to be my bank’s security, and using my bank details the scammer took me for £3,000. Fortunately the bank refunded my money, but the key points are as follows:-
1. What the scammer were doing was sending out large numbers of texts, knowing that a small percentage would ALSO be expecting parcels. They rely on you unconsciously thinking ‘Oh, it must be for me, because how could anyone know I’m expecting a parcel?
2. Who can you trust with your bank details? Amazon, Ebay, but why can I? I’ve now clamped down on who I give my details to, including now paying through Paypal which gives an extra layer of security.
3. Don’t be complacent ! I didn’t think it could happen to me.
Exactly this scam happened to me 2yrs ago. I was distracted with a houseful of grandkids and let my guard down. Having been stung for $200 in cards the scammers came back for a second bite which then made me suspicious enough to then phone my friend who gave the exact response here.
That greed by them was the thing that saved me further embarrassment.
On a wider note people are careless with email. A friend of mine, a well-known session musician, had an accountant who sent all his personal accounts to the wrong person, his accounts were sent to somemusician[at]wellknownemail.com, whereas his address was somejmusician[at]wellknownemail.com, he also used his middle name. If an expensive, reputable firm of accountants are not able to send emails to the correct address what hope is there?
[@ signs removed]