New email scam fools even cybersecurity experts

We all like to think we are immune to scams. We scoff at emails from an unknown sender offering us £2 million in exchange for our bank details. But the game has changed and scammers have developed new, hair-raising tactics. They take it personally and scour the internet for all the details they can find about us.

Scammers are getting so good at it that even cybersecurity experts are being taken in.

One of us (Oliver Buckley) remembers receiving an email in 2018 from his university’s pro-vice chancellor.

This is it, I thought. I’m finally getting recognition from the people at the top. However, something wasn’t right. Why did the pro-vice chancellor use his Gmail address? I asked how I could meet. He wanted me to buy him iTunes gift cards worth £800, and all I had to do was scratch the back and send him the code. Not wanting to abandon him, I offered to go to his PA’s office and lend him the five-pound note I had in my wallet. But I never heard from him again.


The infamous “Prince of Nigeria” emails are going out of fashion. Instead, scammers scour social media, especially business-related ones like LinkedIn, to target people with tailored messages. The strength of a relationship between two people can be measured by looking at their messages and comments to each other. In Q1 2022, LinkedIn was responsible for 52% of all phishing scams worldwide.

Human tendencies

Psychologists who research obedience to authority know that we are more likely to respond to requests from people higher up in our social and professional hierarchies. And fraudsters know it too.

Scammers don’t have to spend a lot of time researching corporate structures. “I’m at the conference and my phone is out of credit. Can you ask XXX to send me report XXX?” runs a typical scam message.

Data from Google Safe Browsing shows that there are now nearly 75 times as many phishing sites as there are malware sites on the Internet. Nearly 20% of all employees are likely to click on phishing email links, and a whopping 68% continue to enter their credentials into a phishing website.

Globally, email spam costs businesses nearly US$20 billion (£17 billion) every year. An investigation by the business consultancy and tax auditor BDO found that six out of ten medium-sized companies in the UK were victims of fraud in 2020, with an average loss of £245,000.

Targets are normally chosen based on their rank, age or social status. Sometimes the spam is part of a coordinated cyber attack against a specific organization, in which case targets are selected because they work for, or have connections with, that organization.

Fraudsters use spam bots to contact victims who respond to the first hook email. The bot uses recent information from LinkedIn and other social media platforms to gain the victim’s trust and entice them to give valuable information or transfer money. This started in the last two to three years with the addition of chatbots to websites to increase interaction with customers. Recent examples include the Royal Mail chatbot scam, DHL Express, and Facebook Messenger. Unfortunately for the public, many companies offer free and paid services to build a chatbot.

And there are more technical solutions available today for scammers to hide their identities, such as using anonymous communication channels or fake IP addresses.

Social media makes it easier for scammers to create credible, targeted emails, a technique called spear phishing. The data we share every day gives fraudsters clues about our lives that they can use against us. It could be something as simple as a place you recently visited or a website you use. Unlike generic phishing (large numbers of spam emails), this nuanced approach takes advantage of our tendency to attach meaning to information that relates to us in some way. When we check a full inbox, we often pick out something that strikes a chord. This is referred to in psychology as the illusory correlation: seeing things as related when they are not.

How to protect yourself?

Even if you’re tempted to string email scammers along, don’t do it. Simply confirming that your email address is in use could make you a target for future scams. There is also a more human element to these scams compared to the scattergun approach that scammers have favored over the past two decades. It’s awfully intimate.

An easy way to avoid being tricked is to check the sender details and email headers. Think about the information that might be out there about you, not just what you receive and from whom. If you have another way to contact that person, do so.

We all need to be careful with our data. The rule of thumb is if you don’t want anyone to know, don’t post it online.

The more advanced the technology gets, the easier it is for scammers to take a human approach. Video call technology and messaging apps bring you closer to your friends and family. But they also give people who want to harm you a glimpse into your life. So we have to use our human defenses: our instincts. If something doesn’t feel right, pay attention.

This article by Gareth Norris, Senior Lecturer, Department of Psychology, Aberystwyth University; Max Eiza, Senior Lecturer in Computer Security, Liverpool John Moores University; and Oliver Buckley, Associate Professor of Cyber Security, University of East Anglia, is republished from The Conversation under a Creative Commons license. Read the original article.