In the aftermath of the Russian invasion of Ukraine, a deepfake video of Ukrainian President Volodymyr Zelensky allegedly surrendering made the rounds on social media and caught the attention of newsrooms everywhere.
It was a crude attempt made and the production quality was poor. Still, some people bought it, just like they believed hundreds of other fake news items pushed online since the war began: old videos, news taken out of context, sensational rumors with no verification, computer generated content. But can fake news be considered a scam?
It’s not unusual for misinformation and disinformation to flourish during an armed conflict, but fake news isn’t only used to spread confusion, to manipulate political beliefs, or to alter moral. Sometimes it’s used for more pragmatic reasons, like stealing money from unsuspecting victims on the Internet.
Yes, that’s right, fake news and cybercrime have more in common than you think, and that’s because they share a key component: social engineering.
Maybe you’ve heard of social engineering before, and you thought it sounds intimidating and pretentious. The truth is that the concept is very simple. You’ve likely already experienced it first-hand. In a nutshell, social engineering is the craft of manipulating people into doing things they wouldn’t normally do. Advertising uses social engineering to persuade you to buy a certain product. Propaganda uses social engineering to make you more patriotic or to hate the other side. Scammers use social engineering to swindle people out of money and, when it comes to cybercrime, everything from e-mail phishing to phone scams and identity theft heavily relies on social engineering.
So how much does fake news resemble a cyber scam after all? In 2019, criminals used the deep faked voice of a CEO to trick a senior employee into transferring $240,000 into their bank account. The method was identical to the one used with Zelensky – a digitally altered recording - the difference is this time the goal wasn’t political; it was purely financial.
"The attackers responsible for defrauding the British energy company called three times. (...) After the transfer of the $243,000 went through, the hackers called to say the parent company had transferred money to reimburse the U.K. firm. They then made a third call later that day, again impersonating the CEO, and asked for a second payment. Because the transfer reimbursing the funds hadn’t yet arrived and the third call was from an Austrian phone number, the executive became suspicious. He didn’t make the second payment" - Rüdiger Kirsch, Fraud expert at Euler Hermes
But fake news and cyber scams share other common attributes as well. Here’s some of them:
1. They address you directly. They want you to think you’re special, you’re the only one being contacted, you’re the only one reading the message. It’s a little secret between you and the sender. Think of the Nigerian Prince Scam in which you have been selected from a large number of possible beneficiaries. Similarly, fake news wants you to believe you’re the only one seeing the truth, and you have to share it as many times as possible to enlighten others.
2. They want to shock you. As digital citizens we’ve grown rather immune to most types of content, that’s why both fake news and scams rely on something shocking or revolting that will catch our attention: “You’ve inherited millions of dollars”, “You’ve been selected for your dream job,” “You have been infected”, “Your account will be deleted if you don’t act right away.” Similarly fake news headlines are made to be “clickbait”. “You won’t believe what happened!”, “You won’t believe what this celebrity said”, “This video might shock you”.
3. They know a good story sells. The key to a successful scam is building you’re the victim’s trust. To do that, they have to deliver a complicated story. It doesn’t have to be a good story, as long as it’s an emotional, personal tale. Think about all the family drama surrounding Nigerian princes, or the sad stories behind donation scams. Similarly think of absurd scientific claims, or outlandish “inside stories” backed up by obscure so-called specialists.
4. They want a strong emotional response. Whether it’s fear, hate, love, greed, disgust or any other emotion, both scammers and fake news authors are desperate to draw emotional strong response from you, because emotions can cloud your judgment and prompt hasty decisions. What’s your first reaction when someone tells you over the phone a loved one had an accident, and you must transfer money? What’s your reaction when an email from the bank informs you to log in quickly or you’ll lose your account? Similarly, how do you react when you read an article about an injustice? Or a presumed atrocity? Or about a scandalous quote from a politician?
5. They want you to “Act now!” Both scams and fake news carry a sense of urgency. Messages like “Act now to save your account”, “Act now to get rich” and “Act now to prevent a tragedy”, are very common with scams, because cyber criminals know they need you to act fast before their bluff is called. At the same time, fake news readers/viewers are urged to quickly share with friends so more people find out.
6. They multiply during a crisis. Both scams and fake news heavily rely on uncertainty and human vulnerability. That’s why a big crisis, like the COVID-19 pandemic or the war in Ukraine, will act like a catalyst, multiplying the threats.
For more tips regarding the situation in Ukraine, please check our dedicated cybersecurity guide in armed conflict zones.