Digital life is cluttered with bogus text messages, spam calls and phishing attempts. You can try to block, encrypt and unsubscribe your way out of it, but you may not succeed. By Steven Kurutz April 21, 2024
You open your eyes and grope for your phone. You check your inbox and discover dozens of spam emails that made it past the filter.
Tapping over to Instagram, you find a request for a supposed brand collaboration in your DMs. Your WhatsApp notifications, meanwhile, consist solely of strangers asking you to invest in a cryptocurrency exchange.
A recruiting manager has contacted you through LinkedIn to say they are “impressed with your unique background and journey” and want to discuss “exciting job opportunities” at several Fortune 500 companies.
While scrolling social media on your lunch break, you see Tom Hanks promoting a dental plan and Taylor Swift peddling a cookware giveaway. (Or at least that’s what seems to be going on.)
On the way home from work, you receive a text alert from FedEx, with a tracking number and a link to update your delivery preferences — except you don’t remember any pending shipments to your home.
Should you click the link? Pick up that call? Pursue that job opportunity? Is the person who texted you “hey” just now from a number you don’t recognize someone you actually know?
Welcome to Scam World, the seedy layer just beneath the world we live in every day. It’s cluttered with these bogus text messages, spam calls and phishing attempts.
In Scam World, any engagement with a stranger is a risk. Thanks to spoofing, for example, which cloaks the identity and location of the computer or phone being used, a call could be from a helpful customer service representative or a cyber criminal pretending to be one.
The internet is moving too fast for regulators to keep up with the quickly evolving deceptions.
There are political donation scams, in which someone masquerading as a campaign worker seeks a contribution. There are sextortion scams, in which a person posing as a hacker claims to have recorded you watching porn through your laptop camera. There are medical billing scams, rental scams, employment scams.
Seemingly every facet of daily life now comes with its attendant scam — even death, when details in online obituaries result in identity theft. And the prospect that we may be deceived at any time “leaves us feeling vulnerable,” said Pamela Rutledge, the director of the Media Psychology Research Center in Boston.
“The lack of trust means you’re not able to take information at face value,” she said. “You’ve got a heightened state of vigilance.”
‘Groomed’ to Be Scammed
In the early years of digital culture, the border between the real world and the internet was firm. Surfing the web for an hour or two in the evening felt like a hobby separate from the business of everyday life.
Now we carry the internet around in our pockets and rely on it for practically every aspect of daily life. “We are in the computer,” said Rachel Tobac, the chief executive of SocialProof Security, a cybersecurity company.
Living our lives online has bred a misplaced but necessary trust. It would be difficult to use TikTok, Uber and Gmail every day while believing that doing so creates a perilous risk. Many people “turn their brains off” when they go about their business on these apps and platforms, Ms. Tobac said, “because it is so stressful to consider that these interactions are potentially harming.”
To be sure, there are still plenty of real-world fraudsters and grifters, some of whom — like Anna Delvey and Sam Bankman-Fried — have become figures of fascination. But “a digital realm creates a bigger funnel — at less cost — for scams,” said Cory Doctorow, a journalist and science-fiction author who has written about the web since its early days.
Mr. Doctorow noted that, just as the internet has made routine tasks less burdensome, it has also made scams much easier to pull off. Picture an old-school boiler room in which fast-talking con artists place hundreds of phone calls in an effort to fleece strangers out of their savings, he said. Now fast forward to 2024, when scammers can send out millions of phishing texts and emails with the help of bots.
“If you can automate parts of it,” Mr. Doctorow said, “you can cast a much wider net.”
Text scams tricked Americans out of $300 million in 2022, the Federal Trade Commission reported. That same year, Americans received 225 billion spam texts, a 157 percent increase from the previous year, according to a report by Robokiller, a company that sells a spam-blocker app.
As digitally savvy and cautious as he is, Mr. Doctorow is not immune to phishing.
In December, while vacationing with his family in New Orleans, he got a call from his bank asking if had spent $1,000 at an Apple store in New York. In fact, the caller was a scammer who had gotten hold of Mr. Doctorow’s phone number and the name of his credit union — perhaps from one of the many data brokers that collect personal information and sell it to third parties — and then used spoofing software to appear as his bank on his caller ID.
During the call, Mr. Doctorow gave out the last seven digits of his debit card number — enough information for the scammer to run up charges on his account.
Sophisticated tech makes this kind of deception possible. But Mr. Doctorow argued that, thanks to outsourcing and automation, the typical communication sent by the customer service departments of many large companies has become “indistinguishable from a phishing scam.”
The prevalence of online deceptions can also add a bit of unwanted drama to mundane tasks. Recently, Ms. Rutledge, the psychologist, thought she was being scammed when she received a letter from a government office on “the crappiest letterhead I’ve ever seen.”
“This can’t possibly be real,” she remembered thinking.
But it was.
As Mr. Doctorow put it, “The legitimate world looks so much like a scam that it’s much easier to make a scam look like the legit world.”
The science fiction author William Gibson, who coined the term cyberspace, made a hacker the protagonist of his 1984 novel, “Neuromancer,” which is set in the 2030s. Some 25 years after he wrote it, he began setting his books not in the distant future but in the present.
The fraught landscape of the 2020s seems especially Gibson-like — a destabilizing, fatiguing grind in which the very technology we rely on makes us unsure that what we see and hear is real.
Two recent incidents reveal how easy it is to get sucked into Scam World.
In February, a finance worker in Hong Kong was tricked into transferring $26 million of his company’s money to fraudsters who impersonated his colleagues on a video call. The scam made use of “deepfake” recreations sophisticated enough to make him believe he was speaking with his boss and other staff members. (The phony promotions featuring Tom Hanks and Taylor Swift used similar technology.)
Days after Bloomberg reported on the elaborate scam in Hong Kong, The Cut published a first-person account by Charlotte Cowles headlined “The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger.”
Toward the start of the story, Ms. Cowles, a financial journalist who has also written for The New York Times, writes that “a polite woman with a vague accent told me she was calling from Amazon customer service to check some unusual activity on my account.”
What followed was a psychodrama straight out of Hitchcock: After Ms. Cowles was informed that she was the victim of identity theft, she was transferred to an F.T.C. investigator and then to a C.I.A. agent. She learned that she was being investigated for federal crimes and that her phone was tapped.
The hourslong ordeal — a drama entirely manufactured by scammers, played out over a phone line — contained all the ingredients of a modern scam, Ms. Tobac said. “They’re spoofing customer service, building authority with sensitive details from data brokerage sites, using urgency and fear and appealing to authority,” she said.
The reactions to the story were not universally sympathetic, and Ms. Cowles understood the complaints of critics who found her credulous.
“Certainly before this happened to me, I was someone who didn’t think I was vulnerable to scams,” she said in an interview.
The numbers belie that reaction, however.
More than 600,000 cases involving impostor scams were reported in the United States last year, costing Americans more than $2 billion, according to the F.T.C. The victims included Andy Cohen, the Bravo TV host, who went on NBC’s “Today” show in January to warn viewers of how he had lost thousands of dollars to someone posing as a representative from his bank.
Not long ago, online scams were much easier to spot. An elderly person ill at ease with the internet might fall for a clumsy, typo-ridden email asking for cash, but the rest of us were too web-savvy to be duped.
Nowadays, the victims of internet fraud are more likely to be people who grew up online. In 2023, for the first time, 18- to 24-year-olds lost more money to scams than any other age group, according to the Better Business Bureau.
TikTok is rife with Gen Z-ers posting about how they fell for an ad promoting a deal for a trendy mirror, or applied to a fake position on a job site, or had their email hacked by scammers who then hijacked their PayPal account.
Being digitally native doesn’t inoculate you; in fact, it makes you a target.
‘Politely Paranoid’
Martha McCully describes herself as “a very organized person,” and someone who keeps her online passwords in an encrypted vault in Bitwarden. A writer and brand consultant who splits her time between California and New York, Ms. McCully, 63, says she never clicks on a random link.
“How do I know you’re Chase?” Ms. McCully asked the woman who called her last December.
She had received a text from her bank, asking if she had spent $2,400 at Walmart. When she replied no, her phone immediately rang. The caller ID listed the number as “Chase Debit Card” on her screen, since Ms. McCully had put the number on the back of her card into her contacts.
By now, you know where this is going.
Ms. McCully stayed on the phone with a woman supposedly from Chase for more than two hours, time enough for the scammer to drain her account of $50,000 through wire transfers. In a diabolical maneuver, the woman was also spoofing Ms. McCully’s number to Chase representatives to make the transactions.
Her encrypted passwords offered her no protection. And Chase was not able to claw back the stolen money; it is probably gone for good, Ms. McCully said.
“I’m now so paranoid about everything,” she said. “I was having this dream this morning that my backyard was broken into.”
Ms. Cowles, the financial columnist, was similarly shaken after being scammed. She said she has been thinking lately about the book “Influence: The Psychology of Persuasion” by Robert Cialdini, which posits that when humans receive a favor or help, as happens during an exchange with a customer service representative, they are wired to reciprocate.
“That is a deeply embedded survival instinct,” Ms. Cowles said. “But now that we are so surrounded by information and noise, it’s almost as if our ability to understand who to fully trust has gone haywire. We have to second-guess ourselves every day.”
The strategies people have used to ward off the risks of the analog world may not apply to the new digital reality, said Ms. Tobac, the cybersecurity expert.
“We’re in easy territory for attackers,” she said. “We haven’t built up defenses.”
“I’m skeptical about almost everyone,” Ms. Tobac continued, noting that when she was contacted for this article, she put the reporter’s email address into a verification tool and used a second method of communication, reaching out on X. Only then did she feel safe enough to agree to a phone interview.
Ms. Tobac calls her approach being “politely paranoid.” She has to repeat her multi-step verification process dozens if not hundreds of times a week. Polite or not, she has learned to embrace the paranoia.
As if to underscore what it takes to maintain security in Scam World, she said midway through the interview: “This, by the way, is not my real number.”
Steven Kurutz covers cultural trends, social media and the world of design for The Times. More about Steven Kurutz