Anatomy of Scam Messages

A scam message – or “phishing” message – is an email or other communication sent with the intent of deceiving the recipient. These messages can be used to obtain personal information such as passwords and credit card numbers, or to trick people into participating in fraudulent schemes. Scam messages are often sent by criminals who are attempting to steal money or identities.

It is important to be aware of these messages and to understand how they work, so that you can protect yourself and your employees from becoming victims. According to Cisco’s 2021 Cybersecurity Threat Trends report, about 90% of data breaches occur due to phishing, and this number is only expected to rise.

What are Scam Messages?

At the very basic level, scam “phishing” messages are designed to get critical information out of an unsuspecting recipient or recipients. The most common “ask” in these messages includes login information, valuable data, money or payment information, and other sensitive material.

These common requests can come in many shapes and sizes. For example, a cybercriminal may ask an employee to purchase a gift card, open an attachment (which proceeds to download malware), or even change or provide payment information on existing accounts or invoices.

How does a seemingly suspicious email have such a high success rate? Cybercriminals usually appear as someone close to the potential victim, such as a colleague, a supervisor, or a legitimate and well-known company or brand. It is not uncommon for cybercriminals to pretend to be banks or other large companies.

Where do Scam Messages Appear?

Most people are familiar with phishing emails; however, not all scam messages appear in your employees’ inboxes. Scam messages can come in through text messages, emails, and phone calls. They can even come through landing pages or websites with legitimate URLs.

A good rule of thumb: double-check any time anybody requests any type of sensitive information. Scammers move quickly because time is not on their side. Taking that extra 10 seconds to pause and consider whenever someone is urgently requesting logins, downloads, and other sensitive material can be the critical step in preventing a data breach.

Who do Scam Messages Target?

Scammers are targeting Australian businesses in both the public and private sector with increasing frequency.

Scam messages can be a single message sent to thousands of people, or they can be personalised to one person or a small group of people.

What are the Qualities of Scam Messages?

While scammers are developing more sophisticated methods for delivering scam messages, there are still some common qualities for which employees should keep an eye out:

  • Urgency: Scammers want you to act fast. Look for a sense of urgency in subject lines (such as: Update Payment Immediately!) or for deadlines in the text (such as: If you do not update in the next 24 hours, we will disable your account).
  • Authority: Email senders do not typically appear to be random or suspicious. Watch out for scammers imitating well-known brands or authority figures within your company.
  • Mistakes: Alarm bells should ring if you receive an email from Apple or another well-known brand that is riddled with spelling, grammatical, or other informational errors.
  • ZIP File or Suspicious Link: Whenever a message is asking you to either download something or click something, always consider that it might be a scam.
  • Promotion or Deal: Scammers may also use scarcity to make it seem as though you have won or will win something if you act fast.

Scammers take advantage of the fact that people click or download without thinking. Promoting a cyber aware culture that prioritises critical thinking and pausing if unsure can help prevent data breaches in your company.
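The qualities listed above can also be turned into a first-pass triage check for a shared mailbox or a reported-phish queue. The following is an added example, not PhishNet's code: the word lists, the brand-to-domain map and the sample messages are assumptions constructed for illustration, and the "Mistakes" quality is left out.

```python
import re

# Patterns for the qualities listed above. Word lists, brand names and
# domains are assumptions made for this example, not a vetted rule set.
URGENCY = re.compile(
    r"\b(immediately|urgent(ly)?|act (fast|now)|in the next \d+ hours?)\b", re.I)
PROMO = re.compile(r"\b(you have won|prize|free gift|limited offer)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)
# Brand name as shown in the display name -> domains it really sends from.
KNOWN_BRANDS = {"apple": {"apple.com"}}

def sender_domain(from_header):
    match = re.search(r"@([\w.-]+)", from_header)
    return match.group(1).lower() if match else ""

def indicators(msg):
    """Return the scam qualities a message shows, in a fixed order."""
    found = []
    text = f"{msg['subject']} {msg['body']}"
    if URGENCY.search(text):
        found.append("urgency")
    display = msg["from"].split("<")[0].lower()
    domain = sender_domain(msg["from"])
    for brand, domains in KNOWN_BRANDS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display and not legit:
            found.append("authority")  # brand name, wrong sending domain
            break
    has_zip = any(n.lower().endswith(".zip") for n in msg["attachments"])
    if has_zip or LINK.search(msg["body"]):
        found.append("link_or_zip")
    if PROMO.search(text):
        found.append("promotion")
    return found

# Constructed sample messages (not real mail).
SAMPLES = [
    {"from": "Apple Support <support@apple-billing.example>",
     "subject": "Update Payment Immediately!",
     "body": "If you do not update in the next 24 hours, we will disable "
             "your account: http://apple-billing.example/login",
     "attachments": []},
    {"from": "Rewards Team <rewards@promo.example>",
     "subject": "You have won a gift card",
     "body": "Act fast to claim your prize. The form is attached.",
     "attachments": ["claim_form.zip"]},
    {"from": "Dana Lee <dana.lee@corp.example>",
     "subject": "Team lunch Friday",
     "body": "Booking a table for noon, reply if you can make it.",
     "attachments": []},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["subject"], "->", indicators(msg) or "no indicators")
```

A single indicator is a reason to pause and verify, not a verdict; messages showing several at once are the ones to escalate first.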

About PhishNet

PhishNet delivers highly effective, engaging, and affordable cybersecurity awareness training to help businesses mitigate the risks of human error data breaches.

Talk to PhishNet today to learn more or check out our free Risk Assessment as you gather a baseline of your organisation’s cyber resilience.
