Why Nigerian Princes are never a laughing matter: The truth about phishing scams

Many people misunderstand cybersecurity. It’s because, for decades, an antivirus has done all the work in the background. It now sounds crazy to them that someone could fall for an obvious scam. A scam they would’ve laughed at.

But that’s exactly why online fraud should stop being a laughing matter. Decades of education, data analysis, and email filters, and yet there are still thousands of online scam victims. So, what’s so special about simple phishing scams that it fools people?

Cyber Month

Just as a reminder, this article is dedicated to Cyber Month, a month-long cybersecurity awareness effort here at Nord Security. It will run until December 1 and, during this time, we’ll share simple tips and in-depth resources on how to improve your privacy online.

Cyber Month is also a time for discounts. If you’re new to NordLocker, you can choose between 500 GB and 2 TB plans to save 60% on your plan. Not to mention, NordVPN and NordPass both have great content and massive deals for you too.

Why do phishing scams work

Why do phishing scams work? Everybody should know about the Nigerian Prince by now. But they don’t. And it’s not even the biggest reason why scammers have been getting away with murder for decades. Here’s why scammers continue to thrive:

• They’re not greedy

Most phishing victims are individuals who lost anywhere from a couple of hundred dollars to several thousand. This way, criminals don’t attract a lot of attention, keep a low profile, and, often, even avoid being reported.

• They’re efficient

There’s a myth portraying scammers as illiterate. This is not true. Grammar mistakes are meant to increase efficiency. Scammers don’t want you to answer their email and waste their time. Instead, they want only those who look through the grammar mistakes and inconsistencies because these are the people that will believe weird lies about inheritance and lottery wins. Even though they cast a wide net by sending millions of emails, scammers know that it’ll be worth their time.

• They’re data-driven

0.1% success rate may sound meager by today’s business standards but it’s all in the data. As long as sending emails is virtually free, any returns can be counted as profit. Plus, reselling the data provides an additional income source.

• They’re current

After the 2020 pandemic hit companies worldwide, scammers sent out emails about COVID-19 vaccines. As Pegasus became the focal point, scammers launched campaigns about spying technology. And when a new hot topic, any medical breakthrough, an election, or a public event comes around, scammers won’t let it go to waste either.

Needless to say, we’re not praising these scammers. But we’re also not laughing. Cybercriminals have been raking in billions of dollars in 2020 and 2021 and will continue to do so until online users start to take them seriously.

The other side of the problem

Have you ever tried explaining online security to family members? Most of them haven’t even thought about protecting their private data. That’s another reason why cybercrime is booming.

People will say they don’t have time for privacy and pick the easiest passwords. They’ll say that privacy has already been lost and give Big Tech a pass after yet another data manipulation case. And they’ll say they have nothing to hide. While it’s a flawed argument for several reasons, it’s best illustrated by a story of a man who made his phone number public. His motivation was that he had nothing to hide. But, two days in, he had to make a public plea for people to stop harassing him. Not to mention that, even if you don’t have anything to hide, there are many people, like whistleblowers, human rights advocates, and journalists, who desperately need those rights.

In other words, people keep dismissing online threats because they don’t look like real threats to them. For example:

1. Ransomware attack on a hospital? It doesn’t put personal health in jeopardy.
2. Oversharing on social media? Everyone’s doing it.
3. Email password has been leaked? It’s not a big deal, that inbox was full of marketing messages anyway.

The issue is we’re much more interconnected than we realize. If you tag a friend you meet abroad on social media, you may be exposing the fact that their home is empty. If you pick a weak password, scammers can hijack your account and use it for privilege escalation. Even an old, unused email can be handy in a cyberattack. For example, impersonating the owner of the account to extort money from their relatives and coworkers.

How to protect yourself from phishing

We already have quite a few posts talking about protecting yourself from phishing. We’ve talked about common phishing attacks, how to spot phishing emails spot phishing emails, and even how companies can use phishing to fight phishing. Today, we’ll focus on some of the less-common advice.

Reduce your digital footprint

Cancel subscriptions you no longer use. Don’t create accounts to read one article or watch a video. The less data companies have on you, the less can be stolen.

Delete unused apps

Delete apps you no longer use. It’s as much about 24/7 data collection as it is about prevention of malware that can be spread by hijacking the update process.

Pay attention to your devices

If you feel something’s not right with your device, pay attention. Maybe there’s an app you don’t remember installing or the device is performing differently. These could be the signs your device has malware installed.

Log out

Logging out of your accounts after you’re done browsing is a simple and very useful habit in the digital world. Also, once in a while use the Log me out on all devices — most social media brands have this option under Privacy settings. This way you can be sure nobody is using your account without your knowledge.

Check your passwords

Check whether your accounts have been found in a reported breech. And while on the subject of passwords, enable multi-factor authentication wherever you can to prevent scammers with your password from accessing your accounts.