If it seems too good to be true, then 99.9 per cent of the time, it won’t be
It’s relatively easy to ignore the threat of being scammed these days, not only because it ‘only happens just to other people’, but also because my laptop has sophisticated protection. And anyway, I’m not exactly a prime target for these confidence tricksters (I know bad grammar and spelling when I see it…), but twice of late I have almost fallen for sophisticated scams.
Dictionary definition of scam: first known use, 1963, as a noun (“trick, ruse, swindle, cheat”) and verb (“to trick or swindle, perpetrate a fraud”), US slang, a carnival term, of unknown origin. Perhaps related to 19th century British slang ‘scamp’, meaning a cheater or swindler.
Scam calls in the UAE are not new to residents; we have been experiencing them for many years and authorities have become more adept at identifying them and picking up on clues and signals. A big give-away is usually the bad grammar and unprofessional tone – and if it’s a phone scam, the person making the call is usually claiming there’s a big emergency with your bank account, providing vague details, and urgently requesting access to personal information, something a bank will never, ever, do.
To an extent, we have all (well, almost all) honed our senses to pick up on these scammers, and some have even got to the point of finding joy in wasting the callers time by stringing them along with wild anecdotes or fake information just to give them a taste of their own medicine. I haven’t done this myself but know many who have. What I usually do is make them aware that I’d be passing on their contact details to the police.
What I am sharing here are not examples of these ‘obvious’ scams, but a seemingly new type and much more sophisticated version which appear to be highly targeted and personalized. I have in recent months been targeted twice due to my professional position and in both cases I was strung along for weeks through very realistic and professional interactions and what seemed like legitimate requests.
The first was an email I received from someone claiming to be a university student working on a paper about media who wanted to interview me about the role of the media in the region. I agreed and she sent me questions in ‘a file’ which I opened and answered. I didn’t notice it at the time, but she stressed that I should ‘open the file’. I did, and for all I know spyware and malware could have infected my computer. I grew suspicious after she continued to pester me even after I responded to her questions. This time, asking if her friend can share a ‘file’ of a story she has written to see if it was of interest to this publication. She wouldn’t give up, and continued to email me, even sending messages on WhatsApp until I blocked and reported her.
In another instance, I was contacted by a man who claimed to be from a US think tank and wanted to collaborate on a story with me. He sent emails with links that were impossible to open (apparently containing the queries he had for me). I was suspicious enough to do some digging around and I found a Twitter account under the same name and with the photo he’s been using. When I asked if he used Twitter, he said no. Alarm bells started ringing. I then found the real individual online and emailed him (email addresses didn’t match and the fake one misspelled the name) and it wasn’t him. Similarly, he was insistent on my opening the file he sent me, but I didn’t, so thankfully this attempt failed.
My husband was also recently targeted. As the country representative for his company, he received a call from someone claiming to be representing the Federal Tax Authority. She asked why the company he works for hadn’t been paying taxes in the UAE. A suspicious request. When he asked for a meeting in her office, the call quickly ended.
I am not sure what the end game would have been for these people but I suspect it was to access information on my computer for bank card fraud. In fact, since those incidents, my card has been compromised with funds withdrawn, and had to be blocked. I am currently in the process of filing a dispute claim with my bank. Thankfully, the bank was able to block the card before larger sums could be withdrawn.
We’ve come a long way since Nigerian princes, or their agents managed to convince a surprising amount of people that they were going to be rich – but only if they sent (insert figure of choice) to cover costs. In fact, this was the first con to really flourish on the internet. The “Nigerian Prince” scam, also known as the “419” scam (named for the section of Nigeria’s criminal code dealing with fraud), has a very long history that actually predates the digital age with its origins going back to an infamous 19th century swindle called the “Spanish Prisoner” where letters were sent to a number of gullible citizens in the hope of raising a ransom to secure the release and return of, yes, a Spanish prisoner. The method of attack has since progressed from hand-written letters to faxes to emails and social media.
But it may surprise you to find out that it’s still working today. Although it seems more like a punchline to a joke than a real threat, the Nigerian prince still gets paid: in 2019, the con brought in around $700,000 from American citizens alone. By applying the science of psychology with social engineering, our Nigerian prince went to college and is now a crypto-crook, raking in a huge amount of cash from all over the world.
Authorities, lawmakers and banks are quick to remind us that these scams exist and can be dangerously, effective, but digital online safety really begins, and ends, with us. Three simple rules to live by: first, never open a link from any source unless you are totally convinced that you trust the sender; second, never trust the sender, and third, remember: if it seems too good to be true, then 99.9 per cent of the time, it won’t be – it’s most likely a scam.