Scams are common in all walks of life, and people fall for them every day. People also successfully avoid them every day. I’d like to briefly discuss two of my experiences with scammers and how I protect myself from them.
I’ve been the target of scammers many times since I first began providing professional services as a software engineer and musician. During the first instance I can recall, I offered private, in-home saxophone lessons in South Jersey and worked to build a list of clients. I got an email one day from someone asking me to give saxophone lessons to their daughter. They asked if they could pay for the entire month up front, and I replied yes. Then, they told me they mailed me a check, but after mailing it, I realized they put the wrong amount on the check, an amount much higher than what I charged. They asked me to send them a check back for the difference once it arrived. This raised some red flags, so I looked this scenario up online and found it is a common type of scam. I was certain it was a scam, but instead of challenging them, I asked them to void that check with their bank and send me one with the correct amount. If they could do that, I would be happy to continue. I never heard from them again, and after some days, I concluded that they never sent me a check in the first place.
In a more recent instance, someone I used to work with years ago sent me a message asking me to host a small website. They introduced me to their colleague via email, who gave me all the code files and said they only needed me to put it on a website server. I looked at the code file and saw that it was essentially a username-password form that had the appearance of a well-known website. Red flags were already going off in my head, but I decided to ask them what this website was for. They told me it was for internal company research to see who would fall for phishing attempts. This is something legitimate companies do, but I told them that if this is their intent, they cannot capture and save the passwords; they should only log that a password was entered with no further information. I already knew how they would respond when I sent that email. They replied that they needed to verify that the password was correct as if the user would enter the wrong password to test the website. I promptly ended the discussion. Had I done as they asked, I could have been in severe legal trouble had any passwords been compromised.
In both of these cases, I reached a point where I was sure that I was the target of a scam. At that point, I asked a question or made a statement that would force the other party to either reveal their hand or give up their attempt. In the first example above, my request for a separate check stopped their scam attempt in its tracks. In the second example above, our back-and-forth effectively revealed that they were trying to scam people out of their passwords and use me to take the heat if it was discovered (since I’d be the one hosting it). Over time, my experiences have taught me that there is always a tipping point where the crux of the scam sits: either the target will fall for it, or they will stop short of that crux. They cross over that crux by taking the crucial action that will enable the scammer to rob them of their money. A skilled scam artist might be able to hide or decorate that crux point very well, but it will still be there.
Having foreknowledge of different kinds of scams can help protect you from them, but you’ll never be able to learn every single type (I imagine countless that have yet to be created). There will be circumstances where you will be confronted with a kind of scam you’ve never heard of before. To protect yourself in these cases, you must ensure that any time you enter a transaction, negotiation, or any situation where you will exchange or donate something, you are looking for that crux. Throughout the situation, make observations about the fine details. Reason about why the situation is set up as it is and what the other party has to gain from it. Look for anything that might reveal a crux or tipping point. If you see a possible crux, guide the conversation or force the other party’s hand, and if possible, do it in a way that gives you plausible deniability in case you are mistaken. Since you won’t know if you are the target of a scam until after the scammer has begun their work, you will need to do this consistently.
Note: the contents of this post should not be taken as legal advise.