New Macquarie University research into phone scams has identified the scripts and emotions that drive most calls.
A team of researchers from Macquarie University’s Cyber Security Hub has analysed the content of more than 100 hours of scam phone calls to identify clear call ‘stages’ and pinpoint the social engineering techniques scammers use on their victims.
The team, headed by Professor Dali Kaafar, used machine-learning techniques and natural language processing to uncover scam ‘scripts’ that use various topics and emotions.
The team found that scripts used by scammers contain multiple paths, which can be simplified into four different stages:
Stage 1 – Introduction
The scammer establishes themselves as credible and in a position of authority, then talks about a serious threat to the recipient in a matter-of-fact way, with the threat supposedly from a higher authority (e.g., the legal system or tax office).
Stage 2 – Assistance
The scammer poses as a helpful instructor, using rapport-building conversations, ostensibly helping the recipient to resolve the supposed problem, giving step-by-step guidance to navigate to a website, install software or fill out online forms.
Stage 3 – Threat
Emotions can ramp up at this stage, as the scammer reinforces threats for non-compliance, citing police, court orders, arrest warrants, jail and other negative consequences, using legal sounding terms, talking over the victim to defer questions and introducing time pressure to prevent the victim thinking it through.
Stage 4 – Payment/Close
Once the scammer gets what they want – like a credit card payment or enticing the victim to download malicious software – the conversation becomes less organised, and scammers finish the call, sometimes promising to call back with confirmation.
Speaking about the prevalence of phone scamming, Professor Kaafar said, “Most people have either been targeted themselves, or know someone who has fallen victim to scammers, because it’s so common, so relentless and in many ways, so clever.
“Ours is one of the only studies to unpack the content of scam calls and the psychological tricks used by attackers in depth.
“I have even known a post-doctoral researcher, with years of experience in cybersecurity, who was tricked out of $8000 in a phone scam,” he added.
During 2021 alone, phone scammers stole more than $100 million from Australians via more than 144,000 incidents reported to the ACCC’s ‘Scamwatch’ service – and that’s just the tip of a fast-growing iceberg, according to Kaafar.
Sign up now for the latest news from the Yass area direct to your inbox.