Gone are the days when we only needed to be wary of generic emails from unknown senders. As consumers and employees get cyber-savvy, criminals keep improving their game by adding a personal touch to email and phone scams. What’s more, background research and establishing trust over time are becoming standard tricks of the trade.
What’s a personalized scam?
Unlike the “you won the lottery” headlines that scammers send out with a generic message and hope someone takes the bait, personalized scams are different—which makes them harder to spot.
With personalized scams, criminals take the time to do their research first. They’ll look through databases of information to find as many details about their targets as possible. There’s information available from previous website hacks, and they’ll also glean what they can from social media and from government records. The criminals then use all of these data points to tailor messages that seem very real.
Extortion is one of the most popular forms of personalized scams. With a few pieces of information, a criminal can craft a message designed to scare you into paying them money. They’ll find account information, possibly even including the original password you used for a compromised website. The criminal will say it’s “proof” they’ve hacked your computer or device. They then claim to know what websites you’ve been viewing, including pornography sites. Their email threatens to expose your secrets to friends, family, and employers if you don’t pay up. In reality, the criminal hasn’t hacked your computer at all—just made it seem like they did by using a few important personal details they found about you.
Note: these kinds of personalized scams can happen over the phone too! Using an official-looking, but spoofed, Caller ID and a few details, a call can seem very legitimate—especially when the scammers use scare tactics to make you frazzled and think less clearly.
Tips for spotting a personalized scam
Even though these scams are tailored, there are still common elements you can watch out for:
- There’s a huge sense of urgency. If an email, phone call, or message makes it sound like the issue is highly urgent, be suspicious. A scammer could be using fear to rush you into falling for their scam. Watch for phrases like “need today,” “immediate action,” “ASAP,” etc.
- Untraceable payment methods. Bitcoin, gift cards, and cash all have one thing in common—they’re untraceable. You should be immediately suspicious of any request that demands payment in an untraceable form.
- Wrong sender email. Even though the content of the email may be personalized, the scammers may still be using hacked email addresses to send it. Look beyond the sender name, which may look familiar, and check the address and domain. If they don’t match, you have extra reason to be on high alert for a scam. (Check out our Five Ways to Spot a Phishing Scam for more tips.)
- Trust your gut. Even if you can’t quite put your finger on why an email or phone call doesn’t seem legitimate, don’t disregard that feeling. Before you respond, verify email requests over a different channel, such as in person or over the phone. Also, it never hurts to do some Googling to see if others have reported similar attacks.
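The first three checks in the list above can also be applied mechanically, for example when triaging reported messages. The Python sketch below is an added example, not part of the original article. The `KNOWN_SENDERS` address book and both sample messages are constructed, and the phrase lists contain only the terms the tips name.

```python
import re
from email.utils import parseaddr

URGENCY = ("need today", "immediate action", "asap")  # phrases named in the tips
PAYMENT = ("bitcoin", "gift card", "cash")            # payment methods named in the tips

# Hypothetical address book: display name -> domain that contact really uses.
KNOWN_SENDERS = {"dana reyes": "example.com"}

def _hits(terms, text):
    """Return the terms found in text as whole words (optional plural 's')."""
    return [t for t in terms
            if re.search(r"\b" + re.escape(t) + r"s?\b", text, re.IGNORECASE)]

def sender_mismatch(from_header, known=KNOWN_SENDERS):
    """True when a familiar display name arrives from an unexpected domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    expected = known.get(name.strip().lower())
    # Exact-match comparison: a lookalike or unrelated domain is a mismatch.
    return expected is not None and domain != expected

def triage(from_header, body):
    """Score one message against the three mechanical tips."""
    return {
        "urgency": _hits(URGENCY, body),
        "untraceable_payment": _hits(PAYMENT, body),
        "sender_mismatch": sender_mismatch(from_header),
    }

# Constructed sample messages (not real mail).
SUSPICIOUS = ('"Dana Reyes" <dana.reyes@mail-example.net>',
              "Immediate action required. Settle the invoice with gift cards ASAP.")
ORDINARY = ('"Dana Reyes" <dana.reyes@example.com>',
            "Are we still on for lunch on Thursday?")

if __name__ == "__main__":
    for sender, body in (SUSPICIOUS, ORDINARY):
        print(sender, triage(sender, body))
```

A message that trips any of these flags still needs the out-of-band verification described in the last tip; the script only narrows down what to look at first.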