Tuesday, July 27, 2010

Scams

Lately, I've seen local news stories of people falling for scams and losing money, property, or both. This non-local story was on the radio this morning.

Some of these circumstances seemed like they’d be a very obvious scam. It’s got me thinking about how we trust organizations we do business with, how we determine credibility, and how we fall for scams.

Having a computer science dad, I had home internet access before lots of kids at school. Actually, before we had internet at home, I remember going to my dad’s office at the university and being allowed to search for pictures of the Simpsons and Toy Story on Netscape Navigator, then printing them on a colour laser (the unit probably cost an insane amount of money at the time).

When we got home internet access (around... ‘96 or ‘97?) my dad told me two simple rules for protecting myself online:
  • Never, ever post my name, address, or other personal information online. 
  • Never, ever trust anything online (banner ads, spam, e-commerce) - it’s ALL a scam. 
These were probably the two best pieces of advice anyone could have been given growing up with the internet in the 90s and the early 2000s.

The evolution of the internet from 1997 to 2010 has made following these rules impossible. The social web encourages disclosure of personal information, and our most trusted organizations and companies have websites that we happily plug our information into (universities, science camps, e-commerce, banks, etc). This isn’t a bad thing - I love the convenience of web-based services.

Despite the changes to the online landscape, my dad’s two rules of the internet never lost their significance, especially when new services pop up online. It’s safest for consumers not to trust organizations by default. It took me a long time to become convinced that sites like eBay, PayPal, Facebook, Google’s non-search services, Quicken Online, Twitter, and more were trustworthy enough to use. I don’t use online products without careful consideration and review (or a bogus test account).

A happy side effect of my dad’s two rules for the internet is how easily those principles transfer to “offline” business:
  • Never give your info to any company/organization, ever. 
  • Never trust any company/organization - everything is a scam. 
The point is exaggerated. I trust and do business with dozens of companies. Organizations that I am unfamiliar with have to earn my trust, be it through a positive first experience or through reputation and reviews.

Let me rephrase: There’s no social or economic obligation to trust a business by default, and consumers should never feel guilty when they (directly or indirectly) question the legitimacy of an organization. Organizations are completely responsible for earning and keeping the consumer’s trust.

Over the past few years, something unexpected has happened: I trust organizations more through the web than in real life.

For example:
  • When RBC sends me communications through my online banking inbox, I trust those messages much more than the RBC telemarketers who phone me with the same offer. How do I know those calls are from RBC?
  • When someone shows up at my door from the Heart & Stroke Foundation, the Lung Association, or another fundraising campaign, I politely turn them away and say that I’ll contribute to the cause through their website, if anything. No website, no credibility. Sorry, random dude raising money for your kids' hockey team*. 
  • When someone phones me with a survey about a service they provide for me (say, SaskTel or Shaw), how do I know I’m actually talking to a rep from that company? Send me a link to the survey, hosted directly on your organization’s website.
*I could have sworn someone pulled this scam in Saskatoon a while ago, but I couldn't find a link.

Being a skeptical consumer is most important when money or personal information is involved. If my car dealer phones me about a recall, or London Drugs phones to say my photos are ready, or UPS shows up to deliver a package, should I worry? No. There are few practical reasons not to trust a purely informational solicitation, especially from an organization you’re connected to.

So, why do we fall for scams? Is it generational, or is it a result of our previous experiences? I don’t really know. Perhaps people are too trusting, or perhaps the enticement of money, love or reward eclipses that little internal voice that repeats, “if it seems too good to be true, it probably is.” I found some interesting research  from the Office of Fair Trading in the UK on who is susceptible to scams, but no one has a straight answer.

To wrap up, like the best way to protect yourself from getting scammed or ripped off is to assume that everything is a scam or a ripoff, online or offline (a word of caution: be practical, not cynical), avoid acting on impulse, and make sure that organizations earn your trust.