Digital Deception

New Deception, Same Old Tricks

Option 1

With all the banking fraud, phishing e-mails, and “Nigerian letter” type scams circulating cyberspace from its earliest days, one would think that the public would no longer fall for such deception. Apparently this isn’t the case according to a recent IRS report. The report, which was quoted in this Washington Post article, explains how scammers have adapted the old e-mail phishing scam into new markets. Most relevant to the IRS are the e-mails from fake debt collectors, claiming to represent the IRS in disputes over unpaid taxes. The scam is simple and classic: the recipient receives an e-mail purporting to be from a reputable collection agency or the IRS itself, complete with logos and official looking letterheads. The e-mail will contain part or all of a bank account number, credit card number, or social security number, and will ask the receiver to go to a website to verify his or her information to determine if the stated debt is correct. The receiver, who most likely does not owe any taxes to the IRS, panics and enters the information into the deceiver’s website. The scammer now has access to the recipient’s financial information and can go on a spending spree. Most worrisome to the IRS is that they have recently and publicly contracted out debt collection to private agencies, meaning the phishing e-mails could seem more legitimate to many Americans.

But what makes e-mails like this successful for the deceiver? Obviously most of the public is informed and aware of such scams and would think twice about giving out financial information online, especially to the IRS. Yet it still seems to be very prevalent with similar e-mails showing up in my inbox almost every day, most of them looking legitimate. Applying the model Carlson et al. (2004) developed can explain part of why these scams continue. First, the deceivers have had a lot of practice with these scams. E-mail has popular for over a decade now, and the scams were there right from the beginning. Thus, according to the model, there is a much greater likelihood of deception success. Second, e-mail provides the perfect communication medium for these scams. It has high levels of symbol variety (think of the rich text e-mails you get everyday with company logos and pictures), tailorability (individualized e-mails with your name and some or part of your financial information), and easy rehearsability. E-mail as a channel also severely limits cue multiplicity, further decreasing the likelihood that the receiver will detect the deception. E-mail does, however, have a high level of reprocessability. In most cases this would be make deception harder, however, because the scammers do not need to have any future interaction with the receiver and only need to deceive them once to get the financial information, it poses little problem to these particular frauds. Finally, e-mail as a text based medium affords a greater likelihood that receivers will be duped.

These scams are successful because they are so easy to pull off. Sending out one million phishing e-mails costs the deceiver almost nothing, and if it can pull in even one or two naïve internet users it is wildly profitable. No wonder the IRS is worried.

posted by Barrett Amos @ 9:54 AM