Spotting Fake Messages and Scams

Scammers have plenty of ways to try to convince you to call them, click on a link or open an attachment. These scam messages are increasing because they work; 91% of all cyber attacks begin with a phishing email to an unexpected victim. But it’s not just phishing emails that scammers use, they can also call or text.

Different Scamming Methods

Scams that come through email are generally called phishing emails. They tend to be generic and are sent far and wide; it’s estimated that over 3 billion are sent out each day. Phishing emails that are specifically targeting you or your organization are called spear-phishing emails; they may appear to come from others in your organization.

When you receive a scam message through text (SMS), it’s called a “Smishing” scam, the name being a combination of SMS and phishing. Like with phishing, scammers are after your personal information and/or financial gain. These messages can look like they are intended for someone else and can include a link. They can look like they’re from a phone company, a bank, or even a politician.

A scam via the phone or voice mail is a “Vishing” scam; this name is a combination of voice call and phishing. These calls can claim to be from a government agency, bank, insurance company, or tech company saying there is some issue with you, your account, or your computer. They can even say they are a friend or relative stuck in a different country and need money.

Telltale Signs

Although the messages can come in through any of the above methods and the specific content of the messages themselves change, the overall principles that scammers use stay the same:

• The scammers can pretend to be an authority, like the government, a bank, a tech company, etc.
• They capitalize on fear or create a sense of urgency, e.g., “Your account will be charged by the end of the day.”
• The messages have a generic greeting or no greeting at all, e.g., “Dear Member…”
• They ask for sensitive information, e.g., “Please provide your account info for confirmation.”
• The message can be poorly written, e.g., “Your PC services are going to lapsed tomorrow…”

Basic Precautions

• Be familiar with the signs above.
• If it’s a call from your bank or a government agency, end the call and call them back using a phone number for their website.
• If an email is asking you to click on a link to log in to your account, don’t click on it, rather go directly to the website in your web browser and log in that way.
• Don’t open email attachments if you’re not expecting one.
• Double-check the sender’s email address to see if it’s the same one they usually email from.
• If you’re not sure about the message, ask for help.

If something feels off when you receive a message, take a moment to consider what it is that feels off and what about this feels like a scam. Slowing down and getting curious about the situation at hand is the best way to shut down a scammer.