Traits of Most Scams



There are a lot of scams in the world, and they seem to be proliferating at an exponential rate. My Facebook friends’ accounts are compromised all the time and I get sent scam requests for easy money. I get at least one scam message via SMS every day. My email inbox is full of phishing scams. I occasionally get phone calls from criminals claiming to be from my bank or some other local provider.

I get emails from distraught people who have loved ones caught up in romance scams. Anyone trying to sell something on Craigslist quickly learns that it is overrun by scammers. If you apply for a job these days, there is a strong chance that it is a scam job posting that exists only to learn your personal details and get money from you. And who has not been approached by a cryptocurrency scammer claiming they can make you rich, rich, rich for just a small investment?

I think that maybe I am becoming more aware of all these scams as a side effect of being in the scam fighting security awareness training industry. But stats tell a different story.

There are more scams than ever, and they are coming at us in more ways than ever.

Protecting Your Organization Against Scams

I have people ask me what they can do to best protect themselves against social engineering and scams. At an organizational level, the answer is to implement the best defense-in-depth combination of policies, technical defenses and education to prevent social engineering; and education is usually the piece most lacking in the majority of organizations. I wrote about the 3 x 3 Pillars of Computer Security here.

If you want to know everything you can do to prevent social engineering and phishing, you can read my 49-page eBook or watch my one-hour webinar on the subject. Pick your poison. Both cover the same material, which is everything I and KnowBe4 could think of to fight social engineering and phishing – every policy, technical defense and security awareness training best practice we could think of, put into a small package.

Protecting Yourself, Co-Workers, Friends and Family

The best thing you can do, at the individual level, is to teach yourself (and everyone else) how to spot a scam. You want everyone to have a healthy level of skepticism and evaluate all incoming messages, no matter how they arrive (be it email, web, SMS, social media, voice calls, etc.), and look for potentially suspicious signs of a social engineering scam. A scam is a scam is a scam. Most scams have the following traits:

  • They arrive unexpectedly
  • They ask the receiver to do something the sender has never asked the receiver to do before
  • They indicate a sense of urgency, claiming the receiver will be penalized if they do not take action immediately
  • The requested action would be harmful to the receiver or their organization if it were taken and the request turned out to be malicious

I have summarized these scam warning signs in the flow chart below:

Teach yourself, your co-workers, your friends and family these four traits of scams. They should evaluate all incoming messages, no matter how they arrive, and see if the message has all of these traits. And if it does, then the receiver should confirm the validity of the request before performing any further actions. Please share this message and graphic with as many people as you can. We are all in this war against hackers and social engineers. Spread the message.

One note of caution. Not all scams contain all four traits. There are some advanced scams where these traits do not apply. For example, in a mortgage escrow scam, an intruder has usually already compromised a mortgage lender’s (or escrow agent’s) computer, scans for pending housing sales and then sends bogus bank wiring instructions to the party buying the house on the very day they were expecting to be told to make the loan escrow payment. The request arrives from the person they were expecting it to arrive from, on the day they were told to expect it, for the amount they were expecting to have to pay to get the loan. Everything looks legitimate, but the buyer does not know that the wiring instructions point to the attacker’s bank account.

So, not all scams have the four traits above, but 99% do, and teaching those four traits will stop most of them. We are working on the last 1%, but those scams are not as easy or as consistent to defeat as the rest. Defeating 99% of scams is mostly about education, specifically education about the four traits listed above.

Create a culture where everyone is always on the lookout for a possible scam. Let’s make it significantly harder for scammers to be successful. Now go fight the good fight!

