Hop-tu-Naa, the spookiest night of the year, is filled with ghouls, ghosts, and all things eerie. But amidst the fun and frights, there's something even scarier lurking in the shadows: scams.
Just like a well-designed costume, scam messages can look convincing at first glance. Cyber criminals use a range of methods to target individuals. While scams range in sophistication, there are often tell-tale signs the communication isn't legitimate.
Tricks in Disguise
The key to a successful scam is trust. Cyber criminals will look to try and quickly gain your trust through various ways. In building a level of trust they can pressure you to act as you usually wouldn't, or without thinking. If a message or call makes you suspicious; stop, don’t reply, and consider. Scams often feature one or more of these signs:
- Authority
Is the message claiming to be from someone official, for example, your bank, doctor, or a government department? Criminals typically impersonate figures of authority you may deal with occasionally. Ask yourself, why are they contacting me? Are they contacting me in the way that I would usually expect?
- Urgency
Are you told that you have a limited time by which to respond, such as 'within 24 hours' or 'immediately'? Criminals often threaten you with fines or other negative consequences to make you act impulsively.
- Emotion
Criminals exploit our emotions and use them against us, this could be through using language that makes us feel hopeful, fearful or panicked. Criminals will often impersonate a loved one and manipulate already-established emotions to build trust quickly. However, sometimes scammers use threatening language, they may make false claims of support or tease you into wanting to find out more.
- Current events
The time of year or world events can be a good way to grab your attention and add a layer of authenticity to a message. For example, at Christmas you'd expect to receive offers and adverts from multiple sources; this is where cyber criminals can insert their malicious message and make you act against your own best interest.
- Scarcity
Is the message offering something that is in short supply like concert tickets, money or a remedy for medical conditions? Fear of missing out on a great opportunity can lead to impulsive decisions.
- Too Good to Be True
Promises of large sums of money, prizes, or exclusive deals with no catch are often scams. Criminals use these tactics to lure you into clicking links or sharing personal details before you’ve had time to think critically. If it sounds too good to be true, it won’t be genuine.
Spot the Signs
Scams have become more sophisticated just as people have become more digitally-savvy. However, there are still a number of markers we see at the CSC that can give a scam away.
- Language and Grammar
Scammers often make basic grammar or spelling mistakes, particularly if their first language is not English. Ask yourself, would a legitimate company send an email with multiple errors?
- Suspicious Links
Scammers often disguise malicious links to look legitimate. Hover over any link before clicking. Does it match the organisation’s official website? If it looks odd, misspelled, or redirects to an unfamiliar domain, don’t click.
- Location Specificity
Part of scammers being based offshore means some scams will be targeted globally and fail to factor in country specific information. For example, a suspicious email we often see at the CSC involves GeekSquad, a North American tech support firm, who often references subscriptions you never signed up for. Would they really be contacting someone in the Isle of Man?
- Expected Messages
Ordered a parcel and received a text asking for payment from a courier? The reality is there are millions of parcels delivered in the UK daily. At some point a smishing/phishing scam is likely to target you at a time when you would expect to see a similar messages. Always question messages from unfamiliar sources!
How to check if a message is genuine
If you have any doubts about a message, consider disregarding it. But if it seems very important, consider contacting the business or Government office directly. Never use the contact details in the suspicious message. Use official websites or documents like bank statements to find verified contact information.
Remember, your bank (or any other official organisation) will rarely ask you to supply personal information by email, or call and ask you to confirm your bank account details. If you suspect someone is not who they claim to be, hang up and contact the organisation directly.
Report it
If you're still unsure, if it’s email, please forward it to SERS@OCSIA.im. For any other messages, please report it to us using our Cyber Concerns online reporting form.