This essay was submitted to Open Philanthropy's Cause Exploration Prizes contest.
An incident that has happened to me recently made me realize the importance of having a tight system in place to tackle phishing. I usually order things online and some are recurring purchases, so I expect at least a couple of packages every month. Last month I made a big purchase (big for me at least) and the delivery failed 2-3 times. So, I was constantly contacting the delivery company for the whereabouts. I got a text message which linked to “their website” and it looked exactly like the original website. It asked me to input my credit card details as I was charged a fine of $3 for another delivery attempt as they had passed their 3 deliveries maximum, I naively paid, later when I heard back from the UPS customer service, I found out that their failed deliveries were due to the package room of my apartment undergoing maintenance and I immediately blocked my card.
Another such incidence is that I and many of my friends and colleagues from the university I study at keep getting emails from “department staff or faculty” asking for our personal details for applications for seminars or jobs but it is not really them. And many of us have fallen for such emails despite having a good awareness of such crimes.
Some time back a worse fraud ended up retrieving money from a friend’s father. He is a middle-aged guy in India working in a small company earning enough to afford a simple life. He got a call saying their bank account was expiring and they wanted him to give all the account details for the scammer to help him “with the transition”- a textbook fraud, the likes of which would not fool many young people or so I think. He lost close to 600,000 rupees which is what he had saved for over a few years.
Now, there is no way that these scammers would get caught, they would immediately change their numbers, keep the money flowing from one account to the other so it never gets traced. All in all, an extremely hard to reach criminal with no name, face, or identity. Someone lost their life savings in minutes and there is no going back.
There are a few ways in which I can see this issue getting some serious de-escalation. One would be good public awareness campaigns, especially for the people in the age bracket 40-65 or 75 who are not so savvy with the current technology and are significantly more gullible to such attacks thereby making them a prime target. Public awareness is a broad term, it includes TV advertisements, local meetups, and talks; spreading awareness via any form of social network or information media.
Another and a more direct approach would be to fund startups or research groups that are working on identification and possible subsequent blocking of such wildly circulated phishing frauds. I have read of one of many such research groups who are working on reducing the effectiveness of scammers identifying all the details of a person. So, they scramble some information thereby mismatching, say, addresses of the people and they found that this does reduce the chances of a successful identification of a targeted person. Also, many such scamming groups get their information about one person from many diverse sources. If there was a way that they are not able to accurately identify someone or get misinformation such that their attack is not efficient, that would be impactful as well.
We sometimes get a notification from the phone saying things like “Scam Likely” or “This number has been blocked by 234 people” which is useful, but it does not work many times. There are so many individuals who have lost their hard-earned money by falling into such dishonest schemes that it begs to be taken much more seriously. Since there is not enough funding in this field based on what I gathered talking to a professor at my university who works on data privacy. If there is a way to reduce such attacks, it would greatly benefit many people, both young and old.