How do you recognise a scam? – Pickr


Scams seemingly never end, with a new one popping up all the time. But how do you recognise a scam?

Your inbox is full of them, often shifted to spam and junk, but still very much there, and you probably have some in your phone’s SMS inbox, as well.

But scams can get past the initial security of your inbox, making their way to everything else you see. They can sit alongside messages from friends, families, coworkers, and promotional material you might actually want to read, and they can look legit.

So how do you identify and recognise a scam, and are there tips that make it easier to work out what’s real and what’s not?

Our inboxes aren’t a sacred place

You might think your inbox is a sacred place, but it’s just one of the billions found around the world, a number that is growing all the time.

With billions of email addresses and hundreds of billions of emails going out every day, there’s a pretty strong chance your email has been on a list somewhere and that list has made it into the hands of someone who wants to trick you with something.

While you probably have been inundated with spam having signed up to pretty much anything, scams aren’t quite the same thing as spam, and some of those lists have probably made their way into the hands of scammers keen to see if you’ll click and follow their directions, their cons, their attempts to fleece you out of money and details and your identifying information.

You probably have a scam in your inbox waiting for you to click on, which is exactly the thing you shouldn’t end up doing. Don’t click on a scam and try not to fall down a scammer’s rabbit hole of deceit and lies.

But before you get there you need to know how to spot a scam.

Treat unknown emails with suspicion

And the first step for this is to treat your inbox with a level of suspicion. Remember, it’s not sacred, and not only you and close friends or coworkers know about it. Many things can make their way in for you to click and check, whether you intend for them to or not.

That means it’s worth approaching things in your inbox with suspicion, particularly emails from people you don’t know.

“The most common way to recognise a scam is to treat every uninvited contact with suspicion, and do your due diligence in checking spelling errors, strange looking links, unfamiliar contact numbers or email addresses, or signs that the unsolicited correspondence is out of character for the person or company that has sent it to you,” said Robert Schwarz, Managing Director for Enterprise at Nuance in Australia and New Zealand.

“But while these simple tips and manual steps can help you identify a number of different scams, as they become common knowledge, scammers are adjusting their methods accordingly—making them smarter, more sophisticated and harder to identify as time goes on,” he noted to Pickr.

While scammers are getting better, they consistently make spelling and grammatical mistakes in their executions, making them one of the more obvious signs to pick up on, but they’re not the only ones.

Check the send addresses carefully

With scammers cottoning onto the idea of a spellchecker and a grammar check service, we’ve seen scams that get as close to good English as we’ve ever seen, making it harder to recognise a scam with total accuracy. But there are still areas a scammer can’t fake, try as they might: sender details.

Whether a scammer sends an SMS or an email, they can’t fake a legitimate address for a major company, though they can get close.

In an SMS phishing scam, the idea is to convince you the message comes from a legitimate company, so scammers will likely go one of two ways: either use a local number with no sender ID, or concoct a sender ID that’s close but still not the same.

In the case of the former, if you get a message from a number that looks local but you don’t recognise, you should probably treat it with suspicion. Companies will typically send out SMS alerts with a company name attached, as it just looks professional.

This also affects the latter, because some company names are protected, though scammers can get close. While “Telstra” might be protected at online SMS send services, names that sound similar — such as “TelstraAlerts” or “TelstraOnlineAlerts” — could get close enough to make you think the message is real, when in actuality it’s anything but.

It’s a similar situation with email addresses, because while scammers can fake the send name, they can’t fake the actual email address it comes from. To get close, they’ll typically put the email address in the send name, leaving you with two addresses the email has purportedly come from. That’s not actually what has happened, and it’s only the last email address in the field that is the real email address, so pay attention to what the last email is to know who you’re dealing with.
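The check described above can be automated. The following is an added example, not part of the original article: it parses a From header, finds any address placed inside the send name, and flags the message when that address's domain differs from the real sender address at the end of the field. The function names and the `.example` sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Finds an address-like token inside the display ("send") name
# and captures its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower().rstrip(".")


def check_from(header: str) -> dict:
    """Compare any address shown in the send name with the real one."""
    display, actual = parseaddr(header)
    actual_domain = domain_of(actual) if "@" in actual else ""
    claimed = [d.lower() for d in ADDR_IN_NAME.findall(display)]
    # A claimed domain is acceptable only if the real address is on
    # that domain or on one of its subdomains.
    mismatched = [
        d for d in claimed
        if actual_domain != d and not actual_domain.endswith("." + d)
    ]
    return {
        "display": display,
        "actual": actual,
        "claimed_domains": claimed,
        "suspicious": bool(mismatched),
    }


if __name__ == "__main__":
    # Constructed sample headers (not real messages).
    samples = [
        '"Telstra Billing billing@telstra.example" <notify@mail-alerts.example>',
        '"billing@telstra.example" <billing@mail.telstra.example>',
        'Telstra <billing@telstra.example>',
    ]
    for s in samples:
        r = check_from(s)
        print(r["suspicious"], "| shown:", r["display"], "| real:", r["actual"])
```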

Urgent messages from the blue

Scams typically come out of nowhere and carry a sense of urgency, with that desire to act part of what can trick you to click a link. If something is more urgent, you’re more likely to act without thinking, but this urgency is part of the fiction, relying on that need to know what’s going on.

“Scammers rely on people acting before thinking, and so will often include requests that are time sensitive,” said Aaron Bugal, Global Solutions Engineer for Sophos in the Asia Pacific region.

“This is designed to stop the potential victim from taking a closer look and realising the situation is illegitimate,” he said.

“Urgent calls to action, threats, and coercive language are all red flags of a scam. Cybercriminals know that the combination of guilt and fear results in haste, and haste is a scammer’s best friend. Always take a moment, breathe, and analyse the situation before clicking on any links or sharing personal information.”

Dodgy links

Just like the dodgy email address, a scam will often come with equally dodgy links, some of which go to similar-sounding addresses, but which clearly aren’t the same.

Facebook with an extra “o” (Faceboook) or one less (Facebok), or maybe with a number on the back (Facebook3) are all great examples of the lengths scammers will go to in order to convince you their scam is the real deal, and something you needn’t look too closely at, attempting to phish your details with a fraudulent version of a real website.

“Scammers will generally try to redirect you to a fake version of a trusted site, wherein you will input sensitive data such as username, password, and other details to verify your identity,” said Bugal.
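The lookalike addresses described above (an extra letter, a missing letter, a number on the end) can be caught by comparing a link's host name with the sites you actually use. The following is an added example, not part of the original article: the `TRUSTED` list, function names and sample URLs are constructed, and taking the second-to-last label as the site name is a simplifying assumption that does not handle suffixes such as `.com.au`.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the reader really uses (assumption).
TRUSTED = {"facebook.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-letter inserts, deletes, swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    # Simplification: treat the second-to-last label as the site name.
    label = host.split(".")[-2] if "." in host else host
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Brand with digits tacked on the back, e.g. facebook3.
        if label.rstrip("0123456789") == brand:
            return "lookalike"
        # One or two letters added, dropped or changed.
        if 0 < edit_distance(label, brand) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, checked as strings only (no network use).
    for link in ("https://www.facebook.com/login",
                 "http://faceboook.com/login",
                 "http://facebok.com/",
                 "https://facebook3.com/verify",
                 "https://example.org/"):
        print(f"{classify_link(link):9} {link}")
```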

Pay attention

Ultimately, it’s worth paying attention to as many signs as you can find, and questioning what arrives in your inbox. Pay attention, ask questions, and don’t just trust those random emails on faith or the idea that they’re in your inbox or phone because they were meant for you, otherwise you could end up being yet another number and statistic.

