Problem

Any security-protected system's weakest link is people. Scammers, therefore, exploit the psychological aspects and idiosyncrasies of humans. So, even if people are aware, they fall for scams as the scammer manipulates and creates a sense of urgency to take action without giving them time.

How might we help people to support/not fall prey to scams?

Solution

A mobile application that aids the victim in identifying real-time scams that occur via phone calls and advising them on the mitigation measures that need to be taken based on the urgency of the situation after any scam has occurred.

Understanding the scenario

Literary reviews were conducted to understand the current scenario and modes of scams, how it becomes successful, and what are the current solutions and technologies in the market. Due to the limited timeframe and inability to find survey participants, we decided to triangulate findings using surveys performed via government organizations.
Impact

2.8 M

consumers reported fraud

$5.8 B

lost in fraud

70%

increase over the last year

Current Solutions

Most solutions on the market cater to pre-scam precautions. However, this is ineffective as scammers come up with novel social engineering tricks. Solutions for during-scam are very limited and don't provide the required intervention that breaks the chain of thought of the victim. For post-scam actions, there are online resources providing the necessary information. However, it's widespread and a victim may not find the right information at the right time. There are no effective technologies in the market that understand human behavior and provide real-time support for social engineering attacks.

Getting into depth

We conducted user interviews (questions) of 8 people with diverse backgrounds (7 scammed victims and 1 ethical hacker) who have been scammed in order to understand their experience, emotions, loss and what led to them being scammed. The ethical hacker helped us to understand the current scenarios, the methods that are currently available and why scammers tend to be successful.

What was uncovered...

After completing the research, the team commenced the process of coding the interviews and key findings from secondary research, while identifying key themes through affinity mapping. It was followed by synthesizing research insights to translate to ideas.

Major insights were:

Exploiting Trust

Scammers take advantage of people's vulnerabilities such as psychological factors and exploit them by earning their trust leading to losing their valuables despite the strong digital security solutions employed.

Human Gap in Scam Tech

Several technologies are prevalent in the market to mitigate scams. However, there are no effective technologies in the market that understand human behavior and provide real-time support for scams.

Overload in Scam Responses

Victims often experience overwhelming emotions such as anger, regret etc. after being scammed. When trying to respond appropriately, they often face information overload, resulting in delays or incomplete actions against scams.

Which direction?

In the realm of human susceptibility to exploitation, existing technologies fall short in comprehending human behavior and offering real-time assistance against social engineering attacks. Consequently, our team decided to investigate three pivotal areas:

Given the prevalence of scams, it's noteworthy that 70% of scammers employ mobile phones as their primary means of contacting potential victims, as reported in the Consumer Sentinel Network Data Book. Consequently, we have chosen to concentrate our efforts on combating scams perpetrated through mobile devices.

Exploring Ideas

How can we raise awareness about scams?
Enabling individuals to anonymously share their experiences and compile and tag scam-related information such as numbers and messages.

How can we support victims while they are ensnared by scammers?
Providing real-time assistance during ongoing scams while safeguarding user privacy.

How can we minimize the aftermath of a scam?
Offering a comprehensive solution for victims to quickly mitigate the consequences of a scam.
‍
Based on the statements, 2 ideation sessions (with the team & with a subject-matter expert) were conducted. Further, the final idea was selected through an internal discussions and voting based on impact and effort.

Timely and Humanized Safeguarding Against Scams

The selected design solution prioritizes addressing both immediate and post-scam situations due to the persistent growth of scams, despite existing awareness solutions.  It will have two modules: one for detecting scams during phone calls and another for providing post-scam support and action plans for all types of scams.

A mobile application featuring virtual assistance for real-time scam assessment and assistance after falling victim to a scam.

Why Ping?

While a range of technologies is available for safeguarding consumers and digital systems, such as machine learning algorithms for predicting suspicious numbers, VPNs, intrusion detection systems, and advanced filtering mechanisms, there is currently a notable gap in the market. This gap pertains to the absence of effective technologies capable of comprehending human behavior and offering real-time assistance against social engineering attacks, which often exploit humans as the easiest and weakest link.

How it works?

Fraudsters exhibit a high level of adaptability, tailoring their conversational approach to match the targeted victim's responses. Despite their ability to adjust communication styles, they consistently adhere to a predefined script/pattern. The system leverages word embedding techniques from natural language processing to detect scam signatures within conversations, akin to how malware signatures function in antivirus software.

To implement call recording in our solution, we must address privacy rights. In the United States, 39 states require only one-party consent, meaning the person initiating the recording must consent. In the other 11 states, two-party consent is necessary, so we include a disclaimer to ensure compliance and respect privacy rights.

Converting sketches to wireframes

Improvising the product based on feedback

Think-aloud sessions were conducted for the application with 6 participants. 2 tasks were provided to the participants to perform:
1. Receive a call flagged by Ping as a potential scam from an unknown number. Utilize the app to protect yourself.
2. You've fallen victim to a Discover credit card scam. Use the app to discover the necessary steps for mitigating the loss.

1. Better user autonomy
Earlier, the on-call overlay initiated the "get assistance" option only after the analysis surpasses the 60% threshold. To enhance the user experience, it is vital to offer users control to access assistance at their discretion, rather than solely relying on an automatic trigger at the 60% mark.

2. Lack of proper feedback
Users previously experienced the need to repeatedly check the app for analysis completion, causing stress and frustration and there was also no visual indication if the analysis is still going on. To address this, haptic feedback during different levels as well as a visual indicator was added.

"Hm..is it still analyzing or is it only 40%?"

Get inspiration, iterate & move fast!

1. Get inspiration
A significant challenge we faced was addressing privacy concerns when recording phone calls and obtaining consent from all parties involved. To overcome this obstacle, we examined how similar mass-audience recording applications handle these issues and tailored their approaches to our application's unique use case.
‍
2. Iterate and update
We accomplished the project within a month, prioritizing swift iteration, regular updates, and actively seeking feedback from potential users.

Additionally, we had the opportunity to present the project at the CMD-IT/ACM Richard Tapia Celebration of Diversity in Computing Conference, where we received valuable insights and had interesting discussions regarding how we can protect the vulnerable population!