The emotional design of phishing
I’m a bit jittery after a telephone phishing call to get my bank details. This post is just to get some of the tension out of myself and talk about some of the emotion and design issues of such fraud.
One of the key elements of my work in sensory and emotional design is explaining how emotion works in meaning making and action taking. This point is very clear in the way the phishing call was designed today.
Random panic
The call starts work random panic and disorientation.
A calm English male voice saying my card has been used fraudulently in a shop in London (I was in the city a few days ago). The culprit is in custody.
The voice says they are a police officer from fraud department. Can I check my cards are all with me? I dump my wallet out. They are all there.
Emotion and authority
What this opening does is place me between multiple emotional and rational positions.
- I am afraid about fraud.
- I am glad it has been prevented.
- I trust the voice of authority.
- I obey the orders of authority.
The emotions are trying to help me make sense of the moment and take action. The trust and obedience are baked into me by years of socialisation.
- Unfooting a person’s sense of self sets them up to be a victim.
- Using social authority establishes control without overt coercion.
Control, trust and action
I am relieved, yet concerned. The man does not demand any details from me. He offers me his name, Paul Newman, and badge number, WG813. I wonder if Paul Newman is used because of some form of residual trust in the actor?
He does not ask for bank details or card numbers. He tells me to call 999 and use his details so call handler can take more details.
Authority and trust pushing an action.
Emotion: taking action but not well
There is momentum in this moment.
Emotions are good at simplifying complex moments into direct actions. They solve things.
Taking action is better than not taking action.
The risk here is that taking action may be stupid.
Emotional moments are hard because your cognitive functions are constricted. You make choices faster but they may not be good choices.
The voice of authority holds that choice. Compliance and obedience grasps the choice.
The fraud uses that all that tightening.
Call 999.
Simple. Clear. Trustworthy.
Open line fraud explained
If you don’t know then this is open line fraud.
I put phone down. I call 999 and speak to a new person who takes all the details (of my bank, cards, etc).
What is happening is that the fraudster does not put their phone down. The line remains open. When I call I am merely continuing the call to them.
Suspicion while emotional
I kept asking for the man’s police station number.
I was suspicious even while shifting between panic and obedience
He put the phone down and it all ended.
However, I still feel quite affected.
I get phishing calls all the time: weird silences, obviously incorrect company names, ridiculous claims about online problems. I’m used to all that.
This call today played with emotion and authority very well.
The shifting between panic and obedience was well managed
I wanted to write this because it shows how rationality is not something we can maintain. Emotions are central to our humanity and they are useful. However, they can be abused. Coupled with abuse of social authority, the voice of a Police Officer, and it is easy to see how this fraud works well.
Writing and reading this story is a way of enabling you (and others) to feel the sense of emotion and obedience. It may help you.