The Evolving Threat Landscape
Cyberattacks are no longer just about suspicious links in poorly written emails. Today's scams are highly sophisticated, often blending email, text messages, and even AI-generated voice calls to create a convincing illusion. [9] This multi-pronged approach,
known as social engineering, is designed to trick you into revealing personal information, transferring money, or installing malicious software. Scammers use tactics like creating a false sense of urgency or impersonating reputable companies and even your own boss. [4, 15] With open rates for text messages as high as 98%, compared to just 20% for email, criminals are increasingly using 'smishing' (SMS phishing) to reach potential victims. [2] The core of the deception relies on trust, making the simple act of verifying the sender more critical than ever. [10]
How to Verify a Sender's Identity
The display name on a message is not proof of identity. Scammers can easily make a message appear to be from a trusted source. [1] In an email, always inspect the sender's actual email address. Hover your mouse over the sender's name to reveal the full address. [2] Look for subtle misspellings designed to fool you, like using 'micros0ft' instead of 'microsoft' or an address from a public domain like Gmail instead of a corporate one. [2] For text messages, be wary of texts from companies you don't normally receive them from. [5] If a message from a known company seems odd, do not use the contact information provided in the message. Instead, go to the company's official website, find their real phone number or email, and contact them directly to verify the communication. [3, 4]
Common Red Flags to Watch For
Scammers often follow a predictable playbook. Be on high alert for messages that demand immediate action, often accompanied by threats of account suspension or promises of limited-time rewards. [4] This sense of urgency is a psychological trick to make you act before you can think. [15] Another major red flag is poor spelling and grammar; legitimate companies typically have professional editors. [7] Be suspicious of generic greetings like "Dear Customer" when the company should know your name. [3] Unexpected attachments or links are also a cause for caution. [1] Even if a message contains personal details about you, it doesn't make it trustworthy, as this information is often scraped from public social media profiles or data breaches. [5]
The Rise of Vishing and AI Scams
The threat has moved beyond text. 'Vishing,' or voice phishing, is a rapidly growing vector for attacks. [11] Criminals may send an initial email or text to set up a story, then follow up with a phone call to build pressure. [9] Thanks to advances in artificial intelligence, scammers can now clone a person's voice from just a few seconds of audio, making impersonation calls chillingly realistic. [9] These deepfake audio attacks can be used to impersonate anyone from a company executive to a family member in distress. While this technology is sophisticated, the defence remains the same: be sceptical of unsolicited calls demanding urgent action or sensitive information. If a call feels suspicious, hang up and call the person or company back on a number you know is genuine. [1]
Your Action Plan for Suspicious Messages
If you receive a message that feels off, the safest action is often to do nothing with the message itself. [13] Do not click any links or download any attachments. Do not reply to the message, even to text "STOP," as this simply confirms to scammers that your number is active. [6, 13] The best course of action is to delete the suspicious message. [4] You can also block the number or sender to prevent future contact. To protect your accounts, use multi-factor authentication (MFA) whenever possible. [3] This adds a crucial layer of security, requiring a second form of verification that a scammer is unlikely to have, even if they manage to steal your password.
