The timing of the email diagnosing cancer was just right. Andrew Montlake, a 44-year-old mortgage broker from Hertfordshire, happened to have had a blood test just a few weeks earlier. The email purported to be from NICE, the National Institute of Clinical Excellence, and read: "We have the results of your blood test and we have noticed that you have a low level of white blood cells which could indicate that you have cancer. Please contact us immediately – full details on the attachment."
His mother died of cancer when she was 50, he says, and his father is currently undergoing cancer treatment: "I have a certain paranoia about it."
Upon opening the attachment, the Necurs virus began downloading on to his computer, as well as GOZeuS (which would give hackers open access to his computer) and Cryptolocker (which would lock him out of his computer until he paid a ransom to the scammers).
"I never fall for stuff like this but it caught me at a weak, tired and particularly busy moment at work, and knocked me for six," says Montlake. "I realise that no doctor would ever send an email like that but when I opened it, that initial moment of stress was horrible – things run through your head – and all the scammers need is a moment of doubt."
His response was, in fact, a textbook example of how scammers want us to react. They tap straight into your worst fears, to push you into an instant fight or flight response, says Tom Roberts, a scams expert for ethical hackers Pen Test Partners: "When a piece of scareware lands directly in front of you and makes you feel afraid, an animal part of your brain that doesn't think logically takes control and you act instinctively, for self-preservation. Usually, that means doing as you are told, because the message in front of you is saying that if you do, then you stand the best chance of survival."
The assassination threat
In March residents in Humberside were targeted with an email claiming to be from "Muhammed Yunus Jinnah", in which he stated that he has been hired to assassinate the recipient. Local police say they were called by numerous terrified people. The emails were investigated and the recipients (who were not linked) were advised they were a hoax. A police spokesman said: "Sadly, these type of emails could easily scare someone who is unaware that they exist. If you receive an email from that address, delete it."
"Scammers have really started to look into human psychology," says Roberts, who believes scammers use neuro-linguistic programming to help you to imagine a scenario, which then makes it seem more believable.
This month police warned that blackmailers are sending letters to residents in Thames Valley, threatening to expose innocent people as paedophiles unless they bought two bitcoins from a specific account within 72 hours. The threats, sent in the post, warned victims they would be subjected to a smear campaign at their local school and letters sent to their neighbours.
The scammers boasted that their tactics had forced other families to leave their homes and, despite repeated appeals for information by the police, they have yet to be arrested.
"Scams like this make you feel extremely unsettled, even if you're savvy and thinking rationally," says Cary Cooper, professor of organisational psychology and health at Lancaster University Management School. "We don't expect other people to behave that way and that makes us worry about what these people are capable of.
"But some of us also have a greater propensity to be influenced by other people and suffer from low self-confidence, so are more likely to believe such a threat would be carried out. If you're prone to worry and perceive the situation as out of your control – you wouldn't know how to stop such a rumour – this kind of scam will make you feel very insecure and threatened."
Threatening loved ones
Fear for others is regularly used as an emotional trigger. In January scammers began circulating a phishing email that looked as though it was from a legitimate funeral home, offering condolences on the death of "a friend" and asking them to open the attached invitation to the funeral. The attachment, statistically more likely to be opened by the elderly, contained malicious software.
Other scammers try phone calls where you can hear someone screaming and they tell you that your child has been kidnapped and you need to send them money. Some threaten to shoot their "hostage" if you disconnect the call.
Social media is also used to create more effective, personalised scams, according to John Colley, spokesperson for cybersecurity trade association ISC2.
"A scammer looking to target a particular organisation will find out who the senior people are, and look at their profiles on Facebook or on LinkedIn to try to get information that they can use. Then, when they email, they will mention people you know or places you have worked, and ask you to click on an attachment, which will typically infect your computer and potentially give the scammers access to your employer's data or network."
According to Roberts of Pen Test Partners, threats about your friends and family are commonly used in these scams, known as "spear phishing".
He describes the process: "With your name, a scammer can find out your address from 192.com or the electoral register in the UK, find out who else lives at that address and make a judgment about whether that might be your husband or your children. They can then go to Facebook or Twitter, get a bit of information about your children – their pictures, the Facebook group of their school, birthdays from posts you've made about them – and email saying: 'Your children, Bob and Alice, go to a school down the road and their ages are X or Y. If you don't pay me a £1,000, little blonde Alice is going to wind up in a shallow grave. This scammer might not even be in the country but by providing a few key bits of information that are publicly available, he can make it seem like he's watching your every move – and that's really scary."
A message pops up on your screen which purports to be from the police, warning that the user's computer has been locked because he or she has illegally downloaded porn or music. According to Warwickshire trading standards, some people have then complied with a demand for £100 to "unlock" their computer – handing over debit card details in the process.
In Cheshire, emails were sent from the "Cheshire Police Authority" telling users they had breached "Article 128 of the Criminal Code of Great Britain" and the fine was between £200 and £500.
To increase the likelihood that a particular scam will hit the right audience without having to personalise each email, scammers are also buying up legitimate marketing email lists, profiled to match their ideal victim. "For example, if you send an email to a 25-year-old single male, accusing him of watching porn, you are statistically likely to be right," says Roberts.
How to protect yourself
Try not to react immediately to a threatening email. Take five or 10 minutes to calm down and think about it rationally. Where does the email come from? Why would this person be emailing you, specifically, about this all of a sudden?
Never click on an attachment from someone you don't know, even if the email mentions someone you do know.
Consider opting out of the edited register of the electoral roll, as otherwise your name and address can be sold to any person, organisation or company and used for any number of purposes, including direct marketing.
Check your privacy settings on Facebook, Twitter and LinkedIn. Consider the risks of using a very personal photo in your profile picture on Facebook, as this is always public.
Report scams to Action Fraud, on 0300 123 2040 or via its website. It will pass on the details of the crime to the National Fraud Intelligence Bureau.