Excerpted from The Password Book, and in reference to:
On the morning of November 7, 2014, I received (as did everyone on my Mom’s AOL email contact list), the following email, under subject: “Sad News”:
I really hope you get this fast. I could not inform anyone about our trip, because it was impromptu. We had to be in Philippines for a Tour. The program was successful, but our journey has turned sour. We misplaced our wallets and cell phones on our way back to the hotel after we went for sight seeing. The wallet contains all the valuables we have. Now, our luggage is in custody of the hotel management pending when we make payment.
I am sorry if I am inconveniencing you, but I have only very few people to turn to now. I will be very grateful if I can get a short term loan of ($2,450) from you. This will enable me sort our hotel bills and get my sorry self back home. I will really appreciate whatever you can afford at this moment. I promise to refund it in full as soon as I return. Please let me know if you can be of any assistance.
The Four Elements of Any Scam: Explained
The Spoof. Both, first to my Mom, and then to her contacts, the scammers were pretending to be something or someone that they were not. They were “spoofing” – first, a “trustworthy” email sender and “trustworthy” website or attachment to which my Mom would mistakenly give her login and password, and second, doing the same thing to her contacts, pretending to be my Mom, after they had gotten control of her email.
The Confidence Game. Throughout, the scammers strove to increase the confidence of their intended victims, by emailing back people who asked questions (and in other such similar scams, even going so far as to converse on the phone). First the scammers spoof and then they build confidence.
The Keys. Your car or house has a physical key, but your email account, your mobile phone, your bank account online, your Facebook, Twitter, or LinkedIn, have virtual keys – your login, your password, and sometimes your two-step verification code. Scammers want these keys as means to an end – usually, but not always, money. In my Mom’s case, once they had the AOL login and password, they could use those Keys to work on their real targets, her friends and family.
The Ask. Scammers may start with getting your “keys” but their ultimately goal is to get money. To do this, they must ask for something. In my Mom’s case, first they asked her to click on something in an email and then to “reverify” her AOL login and password, and later they asked her contacts to send money urgently to the Philippines.
At the anatomical level, all scams share these elements in common: the Spoof, the Confidence Game, the Keys, and the Ask. There are simple scams and more complex scams (See Appendix A for a list of common scams), but they all share these elements in common.
Once you understand the “anatomy of a scam,” you can be on the look out for its constituent elements and thereby make yourself harder to fool.