Scam warnings

The Psychology of Scams: Real-Life Story

Last April, during school spring break, our family went on vacation to Orlando, Florida. My kids decided against theme parks and we enjoyed the hotel waterslides, game room, and some “off the beaten track” alligator-related activities. It was truly a great family vacation. On the morning of our flight back home we got the gloomy notification: Our flights have been canceled. The flight home was postponed by two days. The impact: two days of work, two days of school. My husband had business travel the next morning and could not afford to not show up. Talk about stress… 

We tried to find alternative flights home – nothing. My husband called the airline. After an hour and a half of waiting he talked to an agent for a brief moment who transferred him to another and the phone got disconnected. You can imagine the level of frustration. We decided to go to the airport to talk to a real person. We drove for 30 minutes, waited in line, and couldn’t feel anything but empathy for the poor company agent who has been dealing with this nonsense and angry people all day long. You might be wondering why I am sharing all this with you and what does this have to do with fraud. This is all to describe the emotional state we were in, of stress and frustration. 

My husband suggested we get on the company’s Facebook page and put a complaint there. So we did, and that’s where things got a little weird. I wrote something on Facebook and shortly after got a message on my facebook page (red flag #1- why didn’t she respond to the post itself?) from someone named Laura. I ignored the red flag. She told me that she is an agent of the airline and that she left me a message on Facebook messenger. I opened the app to find the message, hopeful that she will help me.

Graphical user interface, text, application, chat or text message

Description automatically generated

I even looked up her profile. It was very similar to the company’s page, with some additional posts. Looked like a legit marketing/ support profile. I didn’t see it was a new Facebook account. Her questions just opened up the floodgates of everything that had built up over the last few hours


Description automatically generated

Laura was being really patient with me, and she offered to help:

Text, application, chat or text message

Description automatically generated

Wait, what? Julie? Not Laura? Another red flag. I justified it to myself saying this is a shared support account or whatever. But I am super cautious so I didn’t give personal information on Facebook messenger. I did provide my personal email address but that’s it. I had really hoped she would help me. Next, she wrote me the following:

Graphical user interface, text, application, chat or text message

Description automatically generated

Now this part was interesting. “She” didn’t type it. She copied and pasted this cryptic message and the language was all wrong grammatically. Huge red flag. Oh and the little time bomb “This will NOT take long”… At this point, I mentally understood that this is a scam. I have been in the space long enough to recognize a scam when I see it.  However, EMOTIONALLY, I could not yet let go of the HOPE that someone will help me. That I might actually be able to get home earlier. So I wrote to her that I don’t understand what she is asking for. And then she wrote me:

Graphical user interface, text, application, chat or text message

Description automatically generated

Okay, “she” is so kind and wants to help me from my device… She wants me to download a remote access app and socially engineer me into providing the code so she can take over my phone. A Remote Access Tool (RAT) attack is motion. I couldn’t believe my eyes.  The sad thing? I was not even trying to scambait (something I might have done once or twice in the past).

The aftermath

It was 10PM. I couldn’t fall asleep thinking about what had just happened. WOW. I was almost scammed. What does this mean? How did it happen? Apparently, when you are emotionally tied to the scam, it is almost game over. A scammer was praying on people who were frustrated and who posted on Facebook at a time when there were many flight cancellations. I started to ask myself how pervasive this mode of operation is. I have certainly never heard of this before. What struck me the most was the emotional investment I had in this. It was so strong that it made me ignore all the red flags and continue the conversation, until I could see the very familiar modes of operation in the form of crypto account takeover and RAT attack.

How strong is the emotional connection?

I recently read a great overview of the psychology behind scams and why people fall for them. In a nutshell, people can have off days, off situations, and will strongly connect to hope, fear and a chance of getting quick investment returns. I have talked to a number of financial institutions and insurance companies’ fraud teams that put great controls in place enabling them to detect scam payments in real time. They often call victims in the midst of a scam, in real time, and unfortunately, many victims don’t believe the bank or insurance broker that they are being scammed and transfer money anyway. This is the case for authorized push payment fraud and many cases of romance scams and scams targeting the elderly, such as grandparent scams.


We need to stop scams before people get emotionally tied to them. That’s the only way to break the vicious cycle of attachment, victimizing, shame and the long long path to reimbursement, which could take months, involve authorities and investigations, and oftentimes will yield no results due to lack of regulation in this space, leaving consumers lonely in their personal fight against scams. Until we have technology solutions out there, organizations should keep looking out for their customers with education campaigns. Let people know that it’s okay and they are not alone, and take social responsibility to do the right thing.  

Tagged with:
Author: Ayellet Biger - Levin

Ayelet Biger-Levin, CISSP, Founder, Stealth Startup for online scam detection Ayelet is a senior leader with over 20 years of experience in the technology and information security industry. She recently held the role of SVP of Market Strategy at BioCatch, focused on helping financial institutions fight fraud and financial crime. Prior to BioCatch, Ayelet spent 11 years at RSA Security in various roles in both the Fraud Protection and Enterprise Identity solution areas. Ayelet also held various roles at IBM Research, focused on innovation.