Why Blaming And Shaming Are Bad For Cyber Security
  • Home
  • Blog
  • Why Blaming And Shaming Are Bad For Cyber Security

Why Blaming And Shaming Are Bad For Cyber Security

Crime victims need to be encouraged to come forward


This week, the BBC reported that a criminal had tricked a woman into handing over thousands of pounds as part of a romance scam. So far, so depressingly normal. But what made this case particularly newsworthy was that the crook had posed as the actor and one-time Olympic diver Jason Statham.

Having first contacted the victim via a Facebook page dedicated to Statham, the fraudster continued to chat with her for several months via WhatsApp. Eventually, the fake Statham convinced her that he needed financial help while he waited for a delayed film payment to come through. Over a series of payments, she sent the criminal hundreds of thousands of pounds.

Even if you have sympathy for the victim in this case, it’s also perfectly natural to bemoan her gullibility. You might even be tempted to use a 🤦‍♀️ (facepalm) emoji or two.

But as well being insensitive, such a reaction only plays into the hands of the criminals.

As Detective Constable Craig Moylon of Greater Manchester Police told the BBC, "The amount of people that report fraud are probably about 5-10% of the amount of people who actually are victims.”

Shame On You

One reason for this shockingly low figure is probably that victims don’t think it’s worth reporting – maybe because their financial loss is relatively small or because they don’t think the authorities will have the will or the power to do anything about it. This is certainly in line with survey results from the Office for National Statistics regarding crimes in general: the top two reasons for not reporting crimes were “Too trivial / not worth reporting” at 32% and “Police could not do anything” at 31%.

But with fraud cases, there’s another big problem that needs to be addressed, and it’s one that affects organisations as much as individuals: shame.

^ If you've fallen victim to fraud, this kind of thing doesn't help

In the Jason Statham case, the victim asked not to be named when she was talking to the BBC Radio Manchester. We can only guess why, but we wouldn’t be surprised to learn that she feels embarrassed about what happened.

That’s understandable: no one wants their most humiliating mistakes held over them forever. What matters, though, is that she reported the crime to police. Where it becomes a problem is when fraud victims feel too ashamed to mention the crime to anyone, including the authorities or their employer. At the company level, firms may decide it’s better for their reputation to cover up an attack rather than reveal it.

Why Report Fraud?

Realistically, reporting a crime isn’t necessarily going to lead to a great outcome where the criminal gets caught and the victim gets all their money back. As happened in the Jason Statham case, it’s often impossible to start prosecution proceedings against anyone, because they can’t be traced or they’re based abroad.

Yet there are important reasons to encourage reporting of fraud. For a start, victims need support, and they can only get that if we know they’re victims. Secondly, to understand cyber crime, we also need to know the shape and scale of the problem, so we can see how criminals are behaving and what kind of new tactics they’re employing in the process. Third of all, if the crime happens in the workplace, you need to alert the rest of the business and perhaps review your current cyber security. Finally, companies that try to bury cyber breaches may only be delaying the inevitable, and if news gets out you didn’t report an attack, not only will your reputation suffer even more, but you could be in breach of data protection laws.

^ Clue: this is not a healthy work environment

We also need to view fraud cases in context. For example, looking in from the outside, it seems ridiculous to think a Hollywood actor would not only be contacting you via WhatsApp but would also need to borrow money from you. But the victim in this case was emotionally vulnerable due to other events in her life, and it’s this that the criminal exploited. Without experiencing whatever the victim was going through at the time, how can any of us really judge her?

It’s vital, then, to create a culture that encourages victims to come forward – not only in everyday life but also in business, where they might not only feel shame but fear possible punishment. You don’t want employees hiding things from you because they’re scared of being fired.

Ulimately, you want to show victims there will be no recriminations if they admit to being tricked by fraudsters. Listen to what they have to say, and offer them the support and training they need to be more vigilant against cyber attacks in future. 

Whatever you do, don't play the blame game. If you do, the only winners will be the criminals.

Categories

Download The TMB Guide To Cyber Security Now!

Recent Posts

Follow Us