How do you tell if a message is a scam or not?
Unless you’ve been living under a rock, chances are you have received plenty of scam messages over the last few years. Scam messages are often sent via SMS, email, WhatsApp and social media messaging systems. If you’ve been following my blog you know that this is hardly a new topic of discussion. In fact, most of my blog posts over the last few years have had a cyber security theme, and that’s no accident.
What we haven’t really talked about much lately is how to distinguish between a legitimate message and a scam, so let’s do that now.
Before I go on I need to give you fair warning: it is sometimes very difficult to tell the difference, and sometimes even we cyber security professionals have trouble distinguishing fake from real. I’ll talk about what to do if you are uncertain about the legitimacy of a message a bit later in this article.
It used to be that you could pick a scam message a mile away based on just a couple of metrics. Usually the message would be full of grammatical and spelling errors, and often any images included were poor quality. As time goes on, though, the content of these scam messages is continually improving, making them harder to detect. Combine this with the fact that many larger businesses such as banks and telcos outsource their customer service departments to international providers where English is not the native language, and even legitimate messages can have a tinge of poor grammar and spelling.
So how do we determine the legitimacy of a suspected scam message?
Today the most useful tool we have is logical thinking and common sense. If we assume that every scam message is trying to get you to take some kind of action (hint: they aren’t) then analysing the content of the message becomes critical: what are they trying to get you to do? The obvious case is where a link is included in the message. Usually the link will take you to a legitimate LOOKING website that prompts you for a user name and password, and after you provide your credentials the web page closes or some message designed to disarm you is shown. More advanced scammers actually pass your credentials along to the legitimate website and attempt to sign you in. This is a kind of ‘man in the middle’ attack, and these attacks are becoming more common. See my last blog post about Pineapples for more info about an emerging type of MITM attack.
In the example above, if we ask the question “What are they trying to get us to do?” the answer is “To follow a link and hopefully extract some information from you.” The content of such messages varies quite a bit, but almost always they try to induce some kind of emotion in you. Some employ fear to get you thinking “If I don’t do what the message says I might lose access to my account.” Others use greed by claiming you are owed a refund or that someone has sent you a parcel. Of course, this all started way back with the Nigerian Prince scams…. Free money anyone?
Most of these are easy enough to spot if you just take the time to answer the question “What is this message trying to get me to do?”
Scam messages usually encourage you to take some kind of action, but that is not always the case. Take the example below, an SMS message that appears to be from Bendigo Bank.
If we apply the “What are they trying to get me to do?” test to this message then you would have to conclude that the message is legitimate: it contains no links, no phone numbers to call and no call to action other than telling you to independently find the phone number for the bank and call them.
In isolation there is no way to tell if this message is legitimate or not, so we should proceed with caution and do exactly as the message says: call the bank and ask. Most importantly, you have to go and find the phone number for the bank yourself.
Now, let’s look at a message received by the same person the following day:
This message is clearly a scam: they are trying to get you to follow a poorly disguised link. I can’t show you what it would have looked like if you did follow the link because the site has been taken down, but you can bet it would have been a good copy of the Bendigo Bank login page. But what does this second message tell us about the first one? Was that first message designed to soften you up so that when the second message arrives you are more likely to take action?
I can picture the scenario now. You receive the first message and dutifully call the bank, who no doubt tell you everything is fine but that to be on the safe side you should immediately change your internet banking password, which you do. The next day you receive the second message and, due to the events of the previous day, you think the second message is legit. Without thinking too much you give the scammers your brand new internet banking password, and your money is gone.
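The “What is this message trying to get me to do?” test can be written down as a small triage routine. The sketch below is an added example, not something from the original article: the sender name “Example Bank”, its domain and both sample messages are constructed placeholders, and the list of official domains is assumed to be one you looked up yourself.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains the recipient looked up themselves, never
# copied from a message. "Example Bank" and its domain are placeholders.
OFFICIAL_DOMAINS = {"example bank": "examplebank.example"}

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s-]{7,}\d")

def embedded_actions(text):
    """Return (links, phone numbers) that the message itself hands the reader."""
    links = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    phones = [p.strip() for p in PHONE_RE.findall(URL_RE.sub(" ", text))]
    return links, phones

def host_of(link):
    if "://" not in link:
        link = "http://" + link
    return (urlsplit(link).hostname or "").lower()

def triage(text, claimed_sender):
    """Judge one message on its own; earlier messages lend it no credibility."""
    links, phones = embedded_actions(text)
    official = OFFICIAL_DOMAINS.get(claimed_sender.lower())
    for link in links:
        host = host_of(link)
        # Compare the whole host suffix: a brand name elsewhere in the URL proves nothing.
        if official is None or not (host == official or host.endswith("." + official)):
            return "suspect: link leaves the sender's known domain"
    if links or phones:
        return "caution: use contact details you found yourself, not the message's"
    return "inconclusive: nothing to click or call; verify independently"

# Constructed samples modelled on the two-message scenario in the article.
MSG_DAY_1 = ("Example Bank: we have noticed unusual activity on your account. "
             "Please find our phone number and call us.")
MSG_DAY_2 = ("Example Bank: your account is on hold. Verify now at "
             "http://examplebank.example.account-check.example/login")

if __name__ == "__main__":
    for msg in (MSG_DAY_1, MSG_DAY_2):
        print(triage(msg, "Example Bank"))
```

Note that the first message only ever comes back as inconclusive, never as legitimate, and the second is judged without any reference to the first.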
Not so long ago I was speaking with a client about this and he said to me “I ignore all messages that say they are from my bank.” He then went on to say that if they really wanted to contact him they would send him a letter in the post. Personally, I think this is dangerous thinking. If you receive a message from any organisation you do business with you should first assess its authenticity and then take appropriate action, because ignoring the message could well lead to greater problems.
So what should you do when you can’t tell if a message is a scam or not?
The first thing to do is ask your trusted I.T. partner. At Australia Wide I.T. we see far more scam messages than most, and coupled with our cyber security expertise we can probably figure out if a particular message is legitimate or not.
If there is still uncertainty you should contact the apparent sender by phone (after having found their phone number independently of the suspect message) and talk to them about it. Of course, you may decide that it’s not worth the effort and ignore the message entirely. Like my customer said, they’ll probably just send you a letter anyway, right?