We all like to believe that we are savvy enough to avoid obvious and a little less obvious email scams. We laugh at emails from a mysterious sender who offers us 2 million dollars in return for our credit card number.
But the rules of the game have changed, and terrifying new con techniques have emerged. Scam bots are searching the internet for every piece of information they can uncover about us and adopting a targeted personal strategy.
Even cybersecurity professionals are falling for scams now that scammers are becoming more cunning each day.
Oliver Buckley remembers getting an email from his university’s pro-vice-chancellor in 2018 that read:
“This is it, I thought. Finally, those in positions of authority are acknowledging me. But something didn’t seem right. The pro-vice-chancellor used his Gmail account for what reason? How could we meet? I inquired. All I had to do was scratch off the back of the iTunes gift cards and provide him with the code; he required me to buy 800 pounds worth of them for him. I promised to go down to his PA’s office and give him the five-pound note I had in my wallet because I didn’t want to let him down. But he never replied to me.”
Prince of Nigeria
Emails from the famed “prince of Nigeria” are becoming obsolete. Instead, con artists scour business-related social media sites like LinkedIn to find people to target with personalized messages.
Examining the posts and comments that two people exchange with one another can reveal the strength of their relationship. LinkedIn accounted for 52% of all phishing schemes globally in the first quarter of 2022.
According to psychologists who study obedience to authority, we are more inclined to respond to demands from persons higher up in our social and professional hierarchies. Fraudsters exploit this very fact extremely effectively.
Scammers don’t have to waste time investigating corporate structures. A typical scam message reads: “My phone’s credit ran out when I was at the conference. Can you get XXX to send me a report on XXX?”
Data provided by Google Safe Browsing revealed we now have about 75 times more phishing sites online than malware sites.
A startling 68% of employees who click on phishing email links proceed to submit their credentials on a phishing website, which is expected to happen to nearly 20% of all employees.
Businesses suffer about US$20 billion (£17 billion) annually from email spam scams. Research conducted by BDO, a business consultant and tax auditor, showed that six out of ten mid-sized businesses in the United Kingdom fell victim to fraud in 2020, with losses averaging $245,000.
Targets are typically selected based on their employment status, age
Spamming occasionally forms part of a coordinated cyber attack on an organization. Targets are therefore chosen if they work for or are connected to this specific organization.
Spam bots are being used by con artists to contact victims who reply to the initial hook email. To acquire the trust of the victim and trick them into disclosing sensitive information or sending money, the bot uses recent information from LinkedIn and other social media platforms.
The use of chatbots on websites to improve customer interactions kicked off this trend in the last two to three years. The DHL Express, Royal Mail and Facebook Messenger chatbot scams are just some of the recent instances. Unfortunately, a lot of businesses provide both free and paid services to create chatbots.
Scammers today have additional technical options to hide their identities, such as the use of anonymous communication channels or fictitious IP addresses.
Scammers are finding it much simpler to create convincing spear phishing emails because of social media.
We share data with fraudsters every day that offers them information about our lives that they might use against us. It may be as straightforward as a location you recently visited or a website you regularly use.
As opposed to generic phishing (many spam emails), this subtle method takes advantage of our propensity to value information that has some relevance to us.
When we review our entire inbox, we frequently pick out a message that speaks to us. Psychology has a term for this phenomenon: seeing things as connected when they aren’t.
How to keep yourself safe
Resist the urge to reply to email scammers, however tempting it is. Simply confirming that your email address is in use can make you a target for future frauds.
In contrast to the blanket bombing strategy that con artists have favored for the past 20 years, these frauds also have a more human element. It’s uncannily personal.
Checking the sender’s information and email headers twice is one easy way to avoid being duped. Consider the data that may be available about you rather than just the data you receive and from whom. If you have another way to get in touch with that person, use it.
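One way to automate the sender and header check described above, as an added example that is not part of the original article. The organization domain, the free-webmail list and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email), modelled on the gift-card request
# described earlier: a senior title in the display name, a free webmail
# sender, and a Reply-To that points somewhere else.
SAMPLE = """\
From: "Pro-Vice-Chancellor" <pvc.office.example@gmail.com>
Reply-To: pvc.private@mail.example.net
To: staff.member@university.example
Subject: Are you available?
Authentication-Results: mx.university.example; spf=pass; dkim=pass; dmarc=pass

I need a quick favour.
"""

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: short illustrative list

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_headers(raw, org_domain):
    """Return a list of warnings for one raw message claiming to be internal."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if from_dom != org_domain and not from_dom.endswith("." + org_domain):
        warnings.append(f"sender domain {from_dom} is outside {org_domain}")
    if from_dom in FREE_MAIL:
        warnings.append("sender uses a free webmail account")
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results stamped by your own receiving server;
    # a copy supplied by the sender proves nothing.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            warnings.append(f"{mech} did not pass")
    return warnings

if __name__ == "__main__":
    for warning in check_headers(SAMPLE, "university.example"):
        print("WARNING:", warning)
```

The sample passes SPF, DKIM and DMARC and is still flagged three times: those checks only show that the mail really came from the webmail provider, not that the sender is the person named in the display name.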
We should all use caution when handling our data. The general idea is to avoid posting information online if you don’t want others to know it.
But you can still stay safe online if…
You are closer to your friends and family thanks to video call technology and texting apps. However, it opens up your life to those who wish you harm. Therefore, we must rely on our natural defenses—gut instinct. Pay attention if something doesn’t feel right and double check everything.