Scammers know you better than you know yourself. For all their differences, humans tend to display the same weaknesses when approached with a “too good to be true” scam. A 2009 University of Cambridge technical report reviewed various schemes and the psychology behind scam victims, finding seven behavioral principles repeatedly targeted by con artists:

1.     Distraction principle: While you are distracted by what retains your interest, hustlers can do anything to you and you won't notice.

2.     Social Compliance principle: Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.

3.     Herd principle: Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they're all conspiring against you.

4.     Dishonesty principle: Your larceny is what hooks you initially. Thereafter, anything illegal you do will be used against you by the fraudster.

5.     Deception principle: Things and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.

6.     Need and Greed principle: Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.

7.     Time principle: When you are under time pressure to make an important choice, you use a different decision strategy. Hustlers steer you towards one involving less reasoning.

Social compliance is arguably both the easiest and the most difficult scheme to pull off. A recent IRS scam that may have victimized 450,000 individuals takes advantage of this principle, operating on the widely held assumption that authority is not to be questioned.

Government bureaus in particular are expected to be legitimate, and, in the case of the IRS, scam targets are more likely to fall victim to the scheme simply because the penalties for ignoring tax demands are significant. This particular scam took advantage of Caller ID technology, spoofing a phone number similar to the 1-800 IRS helpline to fool recipients into believing the caller was legitimate. Through March, 523 different phone numbers were involved in perpetrating the scam.

When listening to the call recordings, it is hard to believe that anyone would fall for the scam. However, targets of the IRS scheme are specifically immigrants — in one recording, the caller explicitly states that they do not call “Americans.” In the moment, scammers operate on the victim’s unfamiliarity with government policy on phone calls and money demands, as well as their fear of larger penalties.

No Such Thing As A Free Lunch

Exploiting greed requires little more than a general understanding of the most popular desires. Free gifts, vacations and prizes are the most common false offerings, and promise the only payment on the victim’s end is for postage and handling. Pair this promise with the “limited time offer” time constraint and scammers have a recipe for quick money.

Most offers and requests claim the victim doesn’t need to speak to anyone about the scam company, nor are they able to provide written information about the business location. This is obviously because the company doesn’t exist, but by operating on the time and distraction principles, victims are caught off guard and forced to make a quick decision.

Scamming Is Lucrative and Adaptable

Through indirect and direct methods of identity theft, fraudsters managed to steal $18 billion from consumers in 2013, with total financial loss reaching $21 billion. However, the good news is that this is down about 15% from the 2012 total of $24.7 billion. A 2013 Javelin Strategy & Research study found the average victim of a scam will lose $4,930, and 64% of these losses arise from misuse of a credit card. Arizona and California are the two states with the highest incidence of identity theft, at a respective rate of 149 and 139.1 victims per 100,000. South and North Dakota had the lowest, at 33.8 and 35.7 victims per 100,000.

And those numbers are from identity theft alone; a 2013 survey from FINRA Investor Education Foundationfound that 8 in 10 consumers had been targeted with a “potentially fraudulent offer.” Of that 80%, 11% fell for the scam and lost “a significant amount of money.” Pump and dump stocks as well as Ponzi schemes are still around to dupe the inexperienced investor.

Ponzi schemes are particularly lucrative; the Bernie Madoff scandal reaped $18 billion from investors. Put into perspective, that number is the equivalent of the total amount lost to identity theft in 2013. Emails from abroad are also common, typically involving a wealthy Nigerian prince claiming to be moving overseas and requesting the victim’s bank account information to hold the scammer’s riches while he travels.

And the proliferation of smartphones and applications requiring bank account information is making it ever easier for scammers to collect victims’ information. It requires no human interaction and operates on users’ blind data entry. These scams operate on almost all of the seven principles of deception, posing as legitimate applications and distracting users with a game or other phone feature that underhandedly collects data for later use. Forty-four percent of all fraud involved an online transaction.

These attacks are not particular to individual consumers, either, and are now happening on a wide scale thanks to widely available information that makes hacking simpler than ever before. The New York Times’ website was defaced in August 2013 and replaced with the name of a hacker group when it gained access to internal passwords. The Target (TGT) fraud that leaked the information for 40 million credit cards over the 2013 Christmas holidays resulted from stolen access credentials of an air-conditioning contractor working with the company.

Guard Personal Data to Protect Yourself

According to the FTC, the best way to avoid becoming the victim of a scam is to hold on to personal information unless absolutely necessary. Technologies change, but human behavior appears to remain the same — scammers are using the same old techniques, just on new interfaces.

There is nothing wrong with asking why a caller or smartphone application is requesting your phone number or GPS location, and while it is difficult to screen all requests for personal data, smartphone users must now pay close attention to the information they are releasing for the sake of convenience. While software developers are getting better at protecting consumers against high-tech scams, fraudsters are just as quickly adapting to new technologies and their security loopholes.