The most dangerous myth about scams is that they only catch foolish people. They don't. They catch doctors, accountants, and IT staff. They catch careful people on a bad day. Understanding why is the thing that actually protects you — because scams don't attack your intelligence. They attack your emotions, and they're engineered to reach you before your thinking does.

The universal formula

Almost every scam ever run uses the same three ingredients:

  1. A strong emotion — fear ("your account will be closed"), greed ("you have won"), urgency ("act in 10 minutes"), or trust (the message appears to come from someone you know).
  2. Pressure to act immediately — because thinking is the enemy of the scam.
  3. A request that quietly benefits the sender — a code, a payment, a password, a click.

Once you know the formula, you stop trying to memorise a thousand different scams. You just watch for the shape. Any message engineering an emotion and rushing you is suspect, no matter how ordinary it looks.

The ones that actually catch people here

The verification code trick. Someone messages — often from a friend's already-stolen account — saying "I mistakenly sent a code to your number, please send it back." That code is the key to your WhatsApp or bank account. Forward it and it's gone, and then the attacker starts messaging your contacts with the same trick. This one spreads through trust, which is exactly why it works so well.

The wrong-transfer refund. "I sent money to your number by mistake, please send it back." Often the original "transfer" is a fake SMS notification, or real money that will be reversed — you refund from your own balance and lose twice.

The job that charges you. A job offer arrives, sounds great, and then asks for a "registration fee" or "training materials". Real employers pay you; they do not charge you for the privilege of being hired.

The investment with guaranteed returns. Daily percentages, no risk, just recruit others. Guaranteed high returns do not exist in finance — that is not an opinion, it is arithmetic. Every one of these ends the same way, and the only question is who's holding the bag.

The fake login page. A link claiming your account has a problem opens something that looks precisely like Facebook or your bank. You type your password into the attacker's page. Nothing was "hacked" — you logged into a costume.

The five seconds that stop nearly all of it

Here is the habit worth more than any antivirus:

When a message makes you feel something strongly, stop for five seconds and ask: "Who benefits if I act right now?"

That's it. Five seconds is enough for your thinking brain to catch up with your emotional one, and almost every scam collapses the moment thought arrives. The urgency exists specifically to prevent those five seconds. Take them anyway. Nothing legitimate is ever destroyed by a five-second pause — and a scammer's entire business model depends on you not taking it.

Then apply the three rules that follow:

  • Never share a verification code. With anyone. Ever. There is no legitimate reason.
  • Never log in through a link someone sent you. Close it, open the app yourself. A real problem will still be there.
  • Verify through a different channel. If "your friend" asks for money, phone them. If "your bank" messages, call the number on your card, not the one in the message.

Being kind about it

If someone you know gets caught, the worst response is mockery — that's exactly what keeps victims silent, which is precisely what lets the scam spread to the next person. These attacks are professionally designed to work on ordinary people having ordinary days. The right response is to help them lock things down fast and tell others what the trick looked like.

Awareness spreads faster than any scam does, but only if people talk about it.

If this kind of thing interests you beyond self-defence, it's an entire career — and we teach the foundations free in our cybersecurity course, from how networks actually work to how attacks are found and stopped.

A

Written by admin

A software developer based in Zambia, building practical software and sharing what I've learned through writing and free tools. More about me →

Never miss a post

Get notified when there's something new

No spam — just a quick email when a useful article or tool launches. Unsubscribe any time.

Browse all articles