Received a text claiming to have a delivery for you, or offering a tax refund? Aberystwyth University’s Dr Gareth Norris and Alexandra Brookes explain why text scams are finding so much success with this approach.
A new “fraud wave” has been reported, targeting mobile phone users with texts that, at first glance, appear to be from delivery companies or government institutions.
You may even have been targeted by the text scams yourself, which often ask you to pay missed delivery charges or tax fees and are sent from numbers that claim to belong to postal, revenue or well-known delivery services.
While these scams are actually nothing new, there does appear to have been a sudden and dramatic increase in their volume in recent weeks, coming after the recent spike in coronavirus vaccine scams and scams targeting those seeking to buy a pet online during the pandemic.
The resurgence of text scams in the spring of 2021 also appears to be taking advantage of circumstances brought about by the pandemic. And learning more about them can help us to stamp them out.
Why are text scams on the rise?
To understand the apparent increase in text scams, we need to consider two key factors. The first is timing. Missed delivery charge scams are most often rolled out around the busy Christmas postal period, while tax scams are usually timed to coincide with the new financial year.
The pandemic has extended the window of opportunity for fraudsters to successfully target people with both types of scam. More of us are expecting a parcel in the post after increasing our online shopping since March 2020, while novel financial measures taken during the pandemic may have given people the impression that revenue services have altered their operations.
The second factor is volume. These types of scams are delivered en masse, and fraudsters only need to receive responses to a handful of the thousands of texts they send out to make significant sums of money.
That’s not because of the money they’re asking people to send them – which can be a tiny sum purporting to be a delivery fee or service charge – but because criminals can use the card details they’re provided to empty victims’ bank accounts. Other text scams, which prompt you to click on a link, are designed to infect your phone with malware that can help criminals steal your personal data.
The increasing volume of these scams suggests that they do work. And because their success encourages copycat scams, with new criminal groups experimenting with their own texts, it’s difficult to stamp them out entirely despite recent arrests.
The best way to counter these scams is to reduce their success rate, and we can do this by making the public aware of how and why text scams work.
Scammers target psychological impulses
Despite the apparent crudeness of these fraudulent messages, which often feature misspellings or incorrect grammar, they take advantage of timeworn techniques that exploit our psychological vulnerabilities. The aim is to encourage us to respond on impulse rather than thinking through whether we may be being scammed.
Exploiting emotion is the main method used by scammers to achieve this. The delivery charge scam, for instance, often threatens a loss if you don’t immediately pay for re-delivery, with fraudsters issuing a tight deadline before they claim your parcel will be returned to its sender. Emotions such as fear, panic and anxiety can cause us to respond impulsively to scam messages.
On the other hand, positive emotions, such as excitement or hope, can also bias our judgement and encourage impulsive behaviour. The HMRC tax refund scam in the UK is built on the promise of financial gain if you click on a link – but instead of transferring you cash, the link is built to facilitate phishing, giving criminals access to your personal data or bank details.
People are far more likely to fall for this scam if they’ve already received a genuine communication from HMRC that they’re due a tax refund. Psychologists refer to this feeling as ‘illusory correlation’, which happens when we see events as linked when they’re not. Illusory correlation tends to confuse or relax our natural caution, making us more vulnerable to scams.
Anyone can fall victim to scams. Contrary to popular opinion, older people are not more likely to be victims of text scams. This is partially because many older people may be less likely to bank and shop online, have dealings with revenue services, or even use mobile phones.
As technology users, we’re somewhat used to scam emails but scam texts are relatively new. Texts also feel more intimate – we expect them to be from people we know, or from institutions we’ve trusted with our mobile number. And we often access texts on the go, when we’re busy or distracted and less likely to question their veracity.
Protect yourself: Pause for thought
To avoid falling victim to text scams, we suggest you take a few simple steps before choosing to respond.
First, make sure you take some time to properly look at the content of any message you receive. Any written message containing email addresses, phone numbers or language errors could help you spot a scam.
If you can’t spot any blatant errors, just wait – even for a few minutes – before responding. This will allow you time to think whether it’s normal for a company to communicate with you via text.
For delivery scams in particular, it’s well worth interrogating everything about the text you receive. Check the sites you purchase from for the delivery companies they use, or even make a quick call to the delivery company the text claims to be from to help clear things up.
At the end of the day, it’s better to miss your parcel than to lose thousands to scam artists.
Dr Gareth Norris is a senior lecturer in the Department of Psychology at Aberystwyth University, where Alexandra Brookes is an associate lecturer and PhD researcher. Norris’ main research areas include fraud and internet scams, while Brookes’ research is focused on online fraud prevention and awareness. Her current research project aims to identify the human factors that may make individuals vulnerable to cyberattacks.