Information Seeking Scams

Scammers try to steal information by tricking email recipients. Such information could be as simple as an organisational chart or as significant as usernames and passwords to valuable corporate resources.

First, attackers collect email addresses from public postings, social sites, and by guessing the email address format of a company, such as a.lastname@company.com. Next, they email a compelling offer, pretend to be a service provider, or impersonate the IT team, among other tricks.

In most cases, these information-seeking scams are very convincing. They can be as simple as a short text-only message that says, for example, “Your mailbox has reached the enterprise limit. Click here or reply to this email to request an increased mailbox size from IT if required”. These information scams can also be much more sophisticated: “I’m an administrator for your company’s benefits programme and am contacting you to review the pending changes to the programme. Click here to see the details before we schedule a quick call to discuss”.

Recipients who fall for these information-seeking scams will reply to the offer, sometimes resulting in an actual conversation between the user and attacker, leading to a seemingly innocent but significant request.

The digital landscape is rife with deception, and among the most prevalent are various types of information-seeking scams. These scams cunningly leverage human emotions such as trust, empathy, and love to exploit victims for financial gain or personal information. Let’s explore some common types of these scams:

• Charity scams: Under a veil of benevolence, scammers mimic genuine charitable organisations or fabricate convincing ones that tug at the heartstrings. They may capitalise on recent disasters or crises to solicit donations from empathetic individuals who believe they are contributing to a noble cause.
• Romance scams: The online search for companionship can lead unsuspecting seekers into traps set by scammers using fabricated profiles on dating websites and social media platforms. Through nurturing seemingly genuine relationships over time, they eventually manipulate their targets into sending money or disclosing sensitive personal details under false pretences.
• Advance fee scams: Here lies an enticing offer: access to loans, prizes that one has “won”, one-in-a-lifetime job opportunities—all available after paying an initial fee. Unfortunately, this upfront cost does not lead to fortune but ends up in loss when promised benefits never materialise.
• Emergency/grandparent scams: This scam strikes swiftly through urgent calls or emails impersonating someone familiar—a friend in trouble abroad or a grandchild in legal distress—pressing recipients into transferring funds quickly before verifying the story’s authenticity.
• Text message scams: Simplicity is key here as short messages prompt users for immediate action, like updating account info via provided links, which instead serve sinister purposes like phishing attempts to collect user data stealthily.
• Cryptocurrency scams: As cryptocurrency gains popularity, so do schemes around it. Swindlers pose as well-known figures endorsing lucrative crypto investments, while others replicate credible trading sites where logging in means unwittingly handing over the keys to your virtual vaults.
• Puppy scams: In these elaborate information-seeking scams, threat actors create fake eCommerce stores or online marketplace listings to sell non-existent puppies or pets advertised as needing a home. These scams often target victims through social media ads and other social engineering techniques.
• Phishing scams: These scams are particularly insidious, as they often take the form of legitimate-looking emails or text messages. The scammers behind phishing messages masquerade as reputable companies or institutions and design their communications to extract sensitive information. They may ask you to click on a link that leads to a fake website where your personal and financial details can be stolen.

To safeguard against such sophisticated schemes, it’s critical to maintain vigilance when handling personal data—especially in interactions with unfamiliar parties. Before responding to any requests for money or sharing personal details, verify the legitimacy of the charity, company, or individual requiring assistance.

To effectively identify information-seeking scams, it’s crucial to be vigilant and recognise warning signs often indicating fraudulent activity. Here are some key red flags to watch out for:

• Unexpected problem or unclaimed prize claims: Scammers may alarm you with assertions that you’re facing legal issues or have outstanding debts, or they might entice you with notifications of winning a lottery or sweepstakes. However, these scenarios typically come with a catch—a fee or payment is required to resolve the issue or claim your “prize”.
• Requests for personal information: Any unsolicited requests for sensitive personal details—like social security numbers, bank account information, credit card details—should immediately raise suspicion. Legitimate organisations usually do not ask for such data without prior notice and through secure channels.
• Suspicious links and attachments: Exercise extreme caution when encountering unexpected links or email attachments. These could potentially install harmful malware on your device if clicked upon or lead you to counterfeit websites designed to mimic legitimate ones in an attempt to steal your credentials.
• Language inconsistencies: Phishing emails and texts frequently exhibit poor grammar and misspellings because many scammers operate hastily and may not be native speakers of the language used in their scam attempts. Professional communications from genuine institutions tend toward high linguistic standards.
• High-pressure tactics: If someone urges immediate action under pressure—for example, by claiming an emergency requires urgent financial assistance—it’s likely part of a scammer’s strategy meant to prevent thoughtful consideration, which might unveil the deception at hand.
• Impersonation efforts: Exercise scepticism when dealing with any communication that claims to be from well-known organisations such as government bodies, shipping providers, utility companies, or charities. Scammers are skilled at creating official-looking emails and documents, and they often use real names or create titles for organisations that sound legitimate to appear credible.
• Unconventional payment requests: Be on high alert if you’re asked to make payments using gift cards, cryptocurrency, wire transfers, or other unconventional methods. These payment channels are typically irreversible and untraceable once the transaction is complete.

It’s important not only to recognise potential red flags but also to take proactive steps: question irregularities in communications, verify sources independently before taking action, and approach online financial transactions with scrutiny. By adopting these practices, you can significantly reduce your risk of falling prey to the myriad schemes devised by cyber criminals.

User education is a good step. Additionally, look for an email gateway with a machine-learning function and real-time IP reputation scanning. The ability to detect suspicious language and sender aspects is key. Solutions must also be capable of separating such scams from the user-releasable quarantine to avoid any risks of users getting access to such kinds of phish.