Carders and their victims: who is vulnerable and why

Tomcat

Financial losses from carding are far from the only damage that victims face: moral costs are no less, and even those who recognized the carding in time suffer from them.
“2020 has been a tough year. The pandemic and economic crisis have not left any of us idle. Carding didn’t rest either - 2020 was a busy year for them,” wrote Monica Vaca, Deputy Director of the US Federal Trade Commission (FTC), summing up the results of the pandemic year. For all of last year, the FTC, which is responsible for protecting consumers, received about 2.2 million reports of encounters with carders, almost 30% more than the year before. A third of the authors of these messages - versus a quarter a year earlier - suffered real material losses, the total volume of which the commission estimated at over $3.3 billion - almost twice as much as in 2019.
The increase in the number of carding incidents, the number of their victims and the scale of damage is partly explained by the crisis: one of the most popular schemes was for carders to disguise themselves as representatives of the state or business and offer coronavirus payments, anti-crisis support for small businesses, compensation or free services. In mid-April 2020, the world's largest email platform, Google, which is currently used by about 1.8 billion people, reported that in just one week it had blocked about 126 million malicious and phishing emails containing the subject “Covid-19”, in addition to more than 240 million spam messages. The letter writers posed as reputable organizations such as the World Health Organization to solicit donations or spread computer viruses, and offered “financial support” in exchange for personal information.

Carders and victims

Carding has several features that distinguish it from most, if not all, other crimes, say Yaniv Hanoch, associate professor of risk management at the University of Southampton Business School, and Stacey Wood, professor of psychology at Scripps College in the US. First, criminals can be, and often are, far from their potential victims. Second, carding requires the participation of the victim. The person against whom the crime is directed must take a fairly active part in the scheme: agree to talk on the phone, provide personal information, transfer money, follow the links offered in letters and messages, etc. This same feature also offers a way to avoid deception, but researchers cannot yet fully explain why some people agree to the offers of carders while others do not; for example, according to various estimates, from 7% to 17% of those who encounter carding on the Internet fall for it.
On the one hand, much depends on the methods of persuasion used by the carder; on the other hand, the potential victim’s propensity to take risks, cognitive abilities, personality traits (in particular impulsiveness), and the time given to process the information received may all be important: the more attentive and rational a person is, the higher their cognitive abilities and the more time they have to think, the less likely the carder is to succeed, Lancaster University psychologist Helen Jones points out in a study with her colleagues from the university and the Defense Science and Technology Laboratory in Salisbury.
However, other studies do not confirm all of these findings. For example, a joint study by the Stanford Longevity Center in California, the George Washington University Business School, and the Wharton School of Business at the University of Pennsylvania found no link between cognitive ability and the likelihood of being a victim of carding. Level of education also does not affect the likelihood of becoming a victim of carders. Thus, psychologist Emily Mueller from Scripps College in California and her co-authors show that more educated people are less likely to respond to offers of interest to the mass market, but are more likely than others to report that they have become victims of carding investment schemes. And a survey by the European Commission in 30 countries in the region, conducted in 2020, indicates that more educated and wealthy people, on the contrary, are generally more likely to fall into the trap of carders.
There is a widespread stereotype that older people are more likely to become victims of carders: the likelihood that they have savings is higher, which means they are also more likely to become the object of attention of carders, and due to their age, it may be more difficult for the elderly to resist the persistence of carders. Among the factors that increase the risk of becoming a victim as you age, researchers at the American Center for Medicine at Rush University cite decreased cognitive function in older people, as well as lower levels of financial literacy and psychological well-being.
A number of studies confirm that older people have a higher risk of becoming victims of carding. Other data suggests that victims are more likely to be middle-aged. FTC data also shows that before the pandemic, people aged 35 to 54 were the most likely victims of carding, and during the pandemic, complainants have become even younger, with the largest number of carding complaints filed by people aged 30-39. True, this may be due to the fact that older people are less likely to report carding. For example, one experiment with phishing emails found that whether older adults report suspicions of phishing depends in part on their knowledge of it—so increasing awareness and general knowledge about safe online behavior may be an effective way to reduce vulnerability to Internet carding.

Fragments of information

Many people don't realize that even a few pieces of information can give attackers access to user accounts, which they can use to steal money or distribute malware, Kaspersky notes. It is better not to post information such as your full date of birth or address on social networks or share it with strangers, even if they introduce themselves as “technical support employees” or someone else trustworthy.
Two factors that influence your chances of becoming a victim of carding are impulsivity and risk tolerance. Reduced self-control (propensity for risky investments) and activity on the Internet (online shopping, opening emails from unknown senders) are associated with a higher risk of becoming a victim of carders, an analysis of the behavior of more than 11,500 Internet users showed. The same was confirmed in 2019 by an FTC study and the work of cybersecurity specialist Monica Whitty of the University of Warwick. And a study by the American charity for the elderly AARP found two more patterns: victims of investment carding are more likely to make spontaneous purchases, and victims of lotteries never or almost never plan future purchases.

On emotions

With the development of technology, the capabilities of carders are expanding, and the scripts used in their work are changing, but the main tool they use remains unchanged - social engineering, or the use of human weaknesses in order to deceive a person into revealing information or taking an action. To do this, attackers use emotional manipulation: people are more likely to commit irrational or risky actions when under the influence of emotions - fear, panic, curiosity, anger, guilt or emotional arousal.
It is no coincidence that one of the most enduring methods of carding is the so-called “Nigerian letters”, offering get-rich-quick schemes: payments for assistance in obtaining an inheritance or money from an account, during which victims are deceived into “advance payment” for various related services. After analyzing 111 such emails, Wendy Cukier, Eva Nesselroth and Susan Cody of Ryerson University in Toronto explain the effectiveness of “Nigerian spam” by the fact that its authors use the archetypal myth of wealth falling from the sky and appeal to strong emotions such as greed and guilt.
Carders often try to overwhelm potential victims with authority (for example, posing as officials, representatives of large organizations or law enforcement agencies), exploit their trust, cause euphoria from a sudden pleasant surprise or, conversely, panic: the most common methods of telephone carding include calls from the “bank security service” in connection with a “suspicious transaction” or from a “call center” about blocking a card.
In addition to emotions, another of the carders' main tools is urgency: the emphasis is on the need for emergency action “right now”, on a limited number of valuable prizes or limited time to make a decision, etc., in order to switch off critical thinking and leave the victim no time to think.
All this worked perfectly during a pandemic - in a situation of difficult psychological conditions and isolation, writes Igor Shulga, director of the Anti-Fraud Center at Informzashita. “It is human nature to trust more than to verify. He is waiting for participation. Therefore, communication scripts were adjusted almost instantly through several feedback channels: news background (including messages about social assistance to the population, now this is speculation on vaccines), protective actions of financial organizations / law enforcement agencies, recommendations from regulators and law enforcement agencies,” he describes the situation in Russia, where in 2020 the number of registered crimes using IT technologies, according to the Ministry of Internal Affairs, increased by almost three quarters to more than 0.5 million, and four out of five such crimes were theft or carding.

Damage to Russians

According to the Bank of Russia, in 2020, carders made more than 770,000 transactions with bank cards and electronic wallets of users, depriving them of almost 9.8 billion rubles - the number of incidents and the amount of damage compared to 2019 increased by 1.3 and 1.5 times respectively. Almost two-thirds of such transactions were carried out using social engineering methods, that is, tricks and psychological techniques, as a result of which people voluntarily transfer money to attackers or provide them with information through which they gain access to accounts.
Even if a potential victim manages to avoid financial losses, communication with those who are trying to deceive does not go unnoticed for many. People who encounter carders suffer serious moral costs: stress, a sense of loss of personal security, and the fear of again being among those who are being scammed, write David Modick and Ross Anderson of the University of Cambridge. The psychological effect may exceed the negative effects of losing money, they note.
Many victims of carding place the blame for what happened on themselves (and not on the attackers). For example, out of 600 participants in a survey of people who lost money in a carding scheme, conducted in 2014 for the Financial Industry Regulatory Authority (FINRA), almost half (47%) of affected respondents were of the opinion that the victims themselves were to blame for what happened. Many of them complained of problems with sleep and health, loss of self-confidence and respect from others, increased anxiety, and some even named divorce or separation from their partner among the consequences of their indiscretion.
Another survey, in which more than 28,000 people from the European Union, Iceland and Norway participated in 2019, showed that more than half (56%) of respondents had encountered carders in the previous two years. Carding attempts included deception when purchasing and paying for goods, telephone calls and emails from supposed representatives of a bank, government agency or other organization asking for personal and financial information to provide some service, or “winning” a lottery. It turned out that only 24% of respondents suffered real financial losses in such situations, and only 13% suffered significant damage (from 50 euros and more). Nevertheless, eight out of every ten respondents reported moral damage from this episode. They described their feelings as irritation (68%), anger (56%), stress (30%), and shame and embarrassment (16%).
The power of moral damage from dealing with carders is partly explained by the results of a survey by the research company Ipsos among representatives of 28 countries, including Russia, in 2019: hacking for the purpose of carding or espionage was named as their main fear by the vast majority of people in all countries – 75%. The fear of becoming a victim of cybercriminals turned out to be worse than the threat of a nuclear or chemical attack - it was noted among the main fears by 68% of survey participants.

Carding protection

The number of carding schemes is in the hundreds, if not thousands, and carders attack people in every corner of the world, constantly changing their methods and using new baits.
Educational resources and law enforcement agencies warn about old and new carding and ways to protect yourself. However, judging by the number of victims, these tips are not working, Hanoch and Wood note. Despite calls to use strong passwords to protect personal data, there will always be someone who will set the password to 123456, the researchers write, listing the basic rules for avoiding becoming a victim of carding.
So, it is worth installing anti-virus and anti-spam programs on your computer and using passwords that are as complex as possible. You should not give confidential information over the phone. You should not give in if you are required to take some action urgently: in such a situation, you should insist on a pause, during which you can, for example, contact the bank yourself (if the call is “from the bank”), get advice from a trusted person or check data that is questionable. It makes sense to report instances or attempts of carding to help others.
Telephone carders can be recognized by unexpected calls from unfamiliar numbers, offers to transfer money, “very advantageous offers”, as well as attempts to intimidate with the loss of funds, a desire to learn confidential data and a call to immediately provide the requested information.
For email messages, there are also a number of signs that help you understand that the letter was sent by a carder. You should check the authenticity of the site to which the link in the letter leads by moving the cursor over it without clicking (if you click, a malicious program may immediately begin to download or you will be redirected to a carding site). Letters that request personal information or bank details, announce a sudden win, or ask you to follow a link and log in are usually phishing, as are letters with impersonal requests and generous promotions in which you need to enter personal information to participate.

(c) Irina Ryabova
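
The email checks listed above (compare what a link shows with where it actually leads, and look for requests for personal data, sudden wins and urgency) can be automated for a mail filter or for awareness training. The sketch below is an added example, not part of the original article; the cue patterns, function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed cue patterns for the signs named in the article (assumptions, not a vetted ruleset).
CUES = {
    "asks for personal or bank data": r"\b(bank details|card number|password|personal (data|information))\b",
    "announces a sudden win": r"\b(you (have )?won|winner|prize|lottery)\b",
    "demands urgent action": r"\b(urgent(ly)?|immediately|right now)\b",
}
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname without a leading 'www.', or '' if unparsable."""
    try:
        host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def phishing_signs(html):
    """Return warning signs in an HTML email body; the link check is 'hovering' done in code."""
    collector = LinkCollector()
    collector.feed(html)
    signs = []
    for href, text in collector.links:
        dest = host_of(href)
        shown = host_of(text) if LOOKS_LIKE_URL.fullmatch(text) else ""
        # Flag only when the visible text names a site and the target is neither it nor a subdomain.
        if shown and dest and dest != shown and not dest.endswith("." + shown):
            signs.append(f"link shows {shown} but leads to {dest}")
    body = re.sub(r"<[^>]+>", " ", html).lower()
    return signs + [name for name, pat in CUES.items() if re.search(pat, body)]

# Constructed sample message (example.* domains are reserved for documentation).
SAMPLE = ('<p>You have won a prize! Confirm your bank details urgently.</p>'
          '<a href="http://login.example.net/verify">www.bank.example.com</a>')
```

Link text such as "Click here" names no site, so it cannot be compared; in that case the destination host should be shown to the reader rather than silently accepted.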
 