
My friend Rik Coeckelbergs wrote an interesting update about a speech by Paul Maskall, Strategic Fraud Prevention and Behavioural Lead, UK Finance, at the Open Banking Expo.
He specifically noted a question Paul asked the audience: “What’s the difference between fraud and marketing?” and thought that the only difference “lies in the endgame: whether the purpose is to sell or to steal”.
Interesting, and made me think a bit myself.
I’ve blogged about this often, but realised that Paul had contextualised this brilliantly as most fraud is through social engineering. The criminal manipulates you to believe that what they say is true. Isn’t that what a marketeer is meant to do? A fraudster is selling you a scam, just as marketeers are selling you a dream. What’s the difference?
This is well illustrated by Facebook ads. You may ask: ?, but Facebook ads regularly sucker me, and I’m sure many others, into a click and a possible sale. Then the goods arrive and they are nothing like what was advertised. Most of the products are duds, and should never have been shown online.
In other words, Facebook ads are marketing scams by fraudsters, imho.
The reason I mention this is that fine line between selling and scamming, which is what Paul picked up on in his speech. All scams are selling and marketing fraudulent goods. Whether it is the $5 million left to you by a family member you never knew you had, clicking on the wrong link and getting malware, or adverts for something you don’t need or want, the criminal community is there waiting behind the scenes.
The big thing that has stayed with me after talking to many hackers and fraudsters is that they always say it is nothing to do with technology. It is all about social engineering and human behaviour, and looking for opportunities to buck the system by watching people’s movements carefully and then duping them.
It reminds me of a fraudster who said they would have thrown their own grandma in their grave if it gave them ten grand or, as I recently blogged, the fraudster does not think about the victim, only the money.
So, what is the problem? Crime.
What is the solution? Tech.
We need to get much better at using tech to identify fraudulent schemes. A simple example is the number of emails I get saying that my Netflix or Spotify account renewal has failed and I need to update my details. On clicking it is clear the email didn’t come from Netflix or Spotify, and the website is fake. Why am I getting such emails? AI and email providers should be spotting such fake scams and placing them in trash or spam boxes … but they don’t. The same with websites, phone calls and more.
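The renewal-failed emails described above are a case where a mail filter can test the claim against the evidence: the brand named in the subject and sender name versus the domains the message actually comes from and links to. The Python below is an added illustration, not code from the post or from any email provider; the brand allow-list and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list: brand keyword -> domains it legitimately mails from and links to.
# A real filter would pair this with SPF/DKIM/DMARC results rather than rely on names alone.
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "spotify": {"spotify.com"}}

def registrable_domain(host):
    """Crude eTLD+1 (last two labels); adequate for the constructed samples."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def assess(raw_email):
    """Which brands the mail claims to be, where it really comes from/links to, and the mismatches."""
    msg = message_from_string(raw_email)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = " ".join([msg.get("Subject", ""), msg.get("From", ""), body]).lower()
    claimed = sorted(b for b in BRAND_DOMAINS if b in text)
    sender_domain = registrable_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    link_domains = {registrable_domain(urlparse(u).hostname or "")
                    for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    findings = []
    for brand in claimed:
        legit = BRAND_DOMAINS[brand]
        for where, domain in [("sender", sender_domain), *(("link", d) for d in sorted(link_domains))]:
            if domain in legit:
                continue
            kind = "lookalike" if brand in domain else "mismatch"  # brand name inside a foreign domain
            findings.append(f"{where} domain {domain} is a {kind} for {brand}")
    return {"claimed_brands": claimed, "sender_domain": sender_domain,
            "link_domains": sorted(link_domains), "findings": findings,
            "verdict": "suspicious" if findings else "clean"}

# Constructed samples modelled on the fake "renewal has failed" emails the post describes.
SAMPLE_PHISH = """\
From: "Netflix Billing" <no-reply@netflix-account-verify.com>
Subject: Your Netflix renewal has failed

We could not process your payment. Update your details now: https://netflix-account-verify.com/update
"""
SAMPLE_LEGIT = """\
From: Netflix <info@netflix.com>
Subject: Your Netflix receipt

Thanks for your payment. Manage your plan at https://www.netflix.com/account
"""

if __name__ == "__main__":
    print(assess(SAMPLE_PHISH)["findings"], assess(SAMPLE_LEGIT)["verdict"])
```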
The technology is there and more is emerging – digital identities will make a huge difference, imho – but we are early doors and have let a lot of rogue activity escape into the real world.
Having said that, by using the real-world behaviours of fraudsters – we watch them and they watch the victims – we can definitely build technologies to better protect people from the scam schemers.
Meanwhile, I just bought a new pair of AirPods because the ad on Facebook was too good not to click … or was it?
More on social engineering:
Social engineering is a type of cyberattack that uses psychological manipulation to trick people into giving up sensitive information, making security mistakes, or performing actions that compromise their security. Instead of technical hacking, it exploits human trust and behaviour, often by impersonating a trusted entity like a bank or a colleague, to steal information like passwords and financial details.
How it works
- Research: Attackers gather background information on their target to make their approach more convincing.
- Gain trust: They build rapport and trust with the victim, often by impersonating a legitimate source.
- Manipulate: The attacker uses psychological tactics to persuade the victim to take an action, such as clicking a malicious link, opening a dangerous attachment, divulging information, or sending money.
Common types of attacks
- Phishing: Using fake emails or websites to trick victims into providing information.
- Vishing: Phishing over the phone.
- Smishing: Using SMS text messages to trick victims.
- Baiting: Offering something desirable to lure a victim into a trap, like a free download or exclusive content.
- Tailgating: Following an authorized person into a secure physical area.
- Quid pro quo: Tricking someone into providing information in exchange for a promise, like a small gift or money.
Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News.

