Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia


It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams, all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is; how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why Tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts  “10 Golden Rules to Defeat Scammers” . Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.



Filed under cybercrime, Don't Get Hacked, Education, Internet Safety for Seniors, Online Safety, Safe Surfing, System Security, trojans, Viruses, worms

10 responses to “Why Do Users Keep Falling for Scams?

  1. clas

    hi dave, new reader here….from bill mullins. good article. i am an old fart in florida and computer literate. most of my old friends are not and i am constantly amazed at how trusting and gullible they are to online “stuff”. i am also amazed at the younger generations who seem to just not understand what privacy means. they throw away their private info with no thought of possible consequences. the days of real “trust” are gone. you can trust but you must verify first. anyway, looking forward to more good articles….Clas

    • Hi clas,

      You Sir are a rare breed indeed… an old fart who is computer literate. I too am constantly amazed at how trusting my elderly clientele can be. I am by no means young myself but I must be more of a cynic than most.

      Thanks for your input here, appreciated.

  2. “If it sounds too good to be true, it almost certainly is.”

    That is so true. Those three rules also reminds me of a similar quote: “Nothing in life is free.”

  3. Mal

    Hey Jim,
    Another Aussie computer literate old fart here.
    It’s not just the old folk who are too trusting. I recently cleaned up a malware infested computer for a friend who is in his 30’s. The problems was his new laptop came with a 30 day trial of McAfee, and once the subscription ran out, he was cruising the internet highway with zero protection.

    1500 malware infestations, including a crude ransomware that was easily got rid of.

    I shook my head in disbelief.


    • Hey Mal,

      Seems there are more of thus than I thought. 🙂

      Hearing you mate, those AV free trials are a pain in the you know what. Part of the problem is that the AV’s icon is still sitting there in the system tray as if it’s protecting even when expired.

      Good story Mal, thanks for sharing.

  4. Clas

    hi bill, that old fart here again…hahah. here is a little of what i have learned to help with trust on the computer:
    1. i keep a C system partition and a D stuff partition
    2. i always run sandboxed
    3. i make an image backup once a week and keep three weeks on another drive.
    4. i dont trust any new program without reading lots of reviews about it.
    5. i dont trust any new operating system without reading lots of reviews about it.
    6. i dont trust win10

    • Hi Clas,

      You’ve got a great system going – Kudos to you my friend.

      Wouldn’t it be great if you could convince all your friends to follow your excellent example. OK, I’m dreaming I know. 🙂



  5. Scott

    For those of you in company domains, there is a great training program offered by KnowBe4 that helps train users by sending them emails that would normally be the ones to avoid and if they click on them, it tells them why it was bad and the administrator gets a report to help give them more training. It works very well and has really dropped our rate of people clicking on the wrong emails.