If a fraudster phoned you in the next hour, do you think they could convince you to send them all the money in your bank accounts? Neither did the people we recently spoke to, but that is, in many cases, what happened.
We recently conducted research interviews with people who had suffered from various forms of bank fraud, including those who had experienced a type of fraud called ‘push payment’ or ‘safe account’ fraud. Fraudsters, posing as bank officials, telephoned their victims to announce fraudulent activity on their account, then persuaded them to transfer money to a ‘safe account’ as a matter of urgency. Some of the people we spoke transferred their money before realising the call was fraudulent. Others narrowly escaped doing so. All felt ‘stupid’ for being taken in by the scam. As we listened to their experiences however, it became clear that the fraudsters were manipulating psychological vulnerabilities that we all share.
Push payment fraud
Before we say more about these vulnerabilities and how they can be used to persuade, let us first briefly outline what push payment fraud looks like. Our research participants first received a message telling them to update their TV License, pay a release fee on a delivery package, or update their mobile contract. Many of us have received similar texts in recent times. Despite a general awareness of phishing scams, these messages seemed genuine or timely enough for our participants to click through to a corresponding website, enter their payment details and continue life feeling good about having got one more task out of the way. These messages were, however, the first part of the fraudsters’ plan.
A week or two later, the victims received a phone call in which the fraudsters impersonated a bank agent claiming that there was fraudulent activity on the victim’s account. They asked whether any potentially suspicious payments had recently been made by the victim, which tended to trigger a memory of the above-mentioned message and subsequent payment. When the victim recalled this, the fraudster confirmed that this was the likely cause of the problem. This made the victim feel at fault and partially responsible for what was now happening. This, as we shall see, is an important part of the fraudsters’ strategy. The fraudsters then attempted to persuade their victim to transfer funds to a ‘safe’ account that the bank has set up for them.
As we listened to people’s experiences, we realised that the fraudsters were using many of the same principles and techniques that we teach in our Behavioural Science: Design for Persuasion, Emotion and Trust course. In this course, we discuss the ethical application of these principles and point out that our role as UX practitioners is to create meaningful interactions that inspire people to take action in pursuit of their goals. We also note, however, that these powerful techniques can be used in less supportive ways. And, it turns out, for illegal and harmful purposes.
So, how were these fraudsters manipulating their victims?
Emotional ‘hot states‘
Emotion is an important driver of behaviour. Advertisers have long understood the power of the 3Fs: fear, food, and… sex, three key motivators operating at primal levels of our brain. By telling victims that their bank accounts are under imminent attack, fraudsters create a powerful state of fear and anxiety in their victims. This creates an emotional ‘hot state’ that decreases the ability to think calmly and rationally.
Persuasion windows of opportunity
We are more open to persuasion in certain circumstances, and fraudsters seem well aware of this. Some of the times we are most open to persuasion include:
When we have made a mistake
The fraudsters prompt their victims to remember the phishing message and point to this as the likely cause of the current fraud. The victims therefore start the call feeling they have made a potentially disastrous mistake and are clearly in need of help from someone more competent than themselves.
When you feel indebted because of a favour
Feeling foolish and responsible for the fraudulent attack, the victims feel very grateful to the ‘nice person from the bank’ who they think is there to help them. They are therefore inclined to be as helpful as possible in return.
When our world view no longer makes sense
Prior to the fraudster’s call, the victims held various assumptions about themselves and the world. For example, that people are generally trustworthy, that they will know a scam when they see one, and that they aren’t gullible enough to fall for a scam.
All these assumptions are proven wrong at the start of the call, with the fraudster pointing to the phishing scam that they have already fallen victim to, resulting in a sense of disorientation that the fraudsters make full use of.
When you can take action immediately Victims are asked to take immediate action and have the ability to do so with the convenience of online and mobile banking.
Trust
When attempting to persuade others, it obviously helps if the persuader is perceived as trustworthy. Already benefiting from a tendency to trust others and to accept things at face value, the fraudsters proceed to use a variety of techniques to appear credible, including:
- Sounding like a bank representative, mimicking the manner and confidence one would expect
- Demonstrating (or appearing to demonstrate) expertise and knowledge of the victim’s personal details
- Appearing to call from the telephone number on the back of a victim’s bank card using a technique called ‘spoofing’. “Look at the number on the back of your card”, the fraudster would say if their victim showed signs of suspicion. “You will see it is the same as the number I am calling from”. This is particularly convincing.
- Having a certain ‘gift of the gab’, with a quick answer for everything
Persuasion
Having reduced their victims’ capacity for calm rational thinking, opened a persuasion window of opportunity, and signaled various trust factors, the fraudsters go on to target certain cognitive biases to further manipulate their victims. Identified by psychologists over the last half-century, these biases are tendencies of thought that we all share. They are decision-making shortcuts that have evolved over millennia, creating efficiencies that allow us to go about our lives with greater ease. They often work well for us but can lead us into (predictable) errors. Three important cognitive biases that we saw fraudsters making use of were:
Authority
We rely on those with superior knowledge or wisdom for guidance on how to respond.
The fraudsters presented themselves as the authority (from the bank), there to help the victim recover from the fraudulent attack. In a state of panic and confusion, victims lean on the authority figure for help.
Reciprocity
We generally aim to return favours, pay back debts, and treat others as they treat us.
As we have already mentioned, victims started the call feeling they have done something wrong (compromised their card details) and subsequently feel grateful to the person they think is helping them. This makes them more likely to comply with the fraudsters’ requests.
Liking
People prefer to say ‘yes’ to those they know and like.
Fraudsters sought to build rapport and demonstrate empathy with the victim, pretending to be on the side of the victim against a common enemy. ‘These people have no morals’, one fraudster said during a call.
In conclusion
Whether they eventually transferred money or not, all our research participants found their experiences deeply upsetting. All felt violated. All experienced panic and anxiety, especially if they complied and realised their mistake once the call ended. They all felt stupid and ashamed for falling victim to fraud, whether partially (before becoming suspicious and ending the call) or fully (handing over their money). They shouldn’t, their actions were an entirely human response to the deceptive and criminal application of techniques that manipulate psychological vulnerabilities we all share. Powerful though these techniques can be, awareness of these practices may go some way toward helping us avoid similar situations ourselves in the future.
* Persuasive Technology: Using Computers to Change What We Think and Do byBJ Fogg (2002)
More about persuasion
- Training course: Behavioural Science: Designing for Persuasion, Emotion and Trust
- Blog post: Is Designing for Persuasion Ethical?
- Webinar video: ‘Designing for Persuasion’
Related Posts
