You’re probably more aware of scams than you ever have been, and that’s good, but scammers are adapting, and the future of scamming might be a constant game.
There are many things we have to stay aware of in life. Relatives and kids, the workday, news and weather, paying bills on time. Life is a complex balance of what you can work with in the space of 24 hours, including sleep.
Not everything is a good thing to balance, though, and some things you just wish would go away. The bad things in life are frustrating, and while they’re too numerous to name, we suspect most people wish scams would just disappear. They’re one of life’s unwanted setups, where a criminal attempts to fleece you out of something — typically money, but also an identity — simply by pretending to be something else.
Frankly, it’s something we all wish would just go away, because it would sure make checking your emails, receiving SMS, and generally just living your life and browsing the internet that much easier.
But it won’t. Every year, scams get worse.
The Australian Competition and Consumer Commission’s Scamwatch website reported in June that Australians lost over $634 million to scams last year alone, with individuals and businesses alike racking up huge losses. It’s a staggering number, and one that affects all age groups, though mostly those over the age of 25. Essentially, the more you become an adult, the more likely you are to find a scam pitched your way.
That might not always be the situation, though adults tend to have more money — and more to lose — than the teenagers and children other scams might target.
Anyone burned by a scam will probably aim to be more resilient than before, but that doesn’t mean they’re impervious. Much like how getting an infection doesn’t automatically mean you have antibodies, falling for a scam doesn’t mean you won’t again, and scammers are getting better. Scammers are adapting.
And scammers won’t stop, because for them, the future is all about adaptation to keep their trade lucrative and viable for that future.
What is the future of scamming?
Technology is getting better everywhere, and while that might help you in your regular everyday life, it also helps cyber criminals.
These days, we have spam filters do much of the heavy lifting to get rid of the junk, but things may still slip through. Worse, the technologies used for spam can be utilised by scammers to work out ways of getting through, it seems.
“As technologies used in detection of the scam emails have been improving, the scammers have also been finding new ways to bypass these technologies,” said Noushin Shabab, Senior Security Researcher at Kaspersky.
Shabab cited a few examples to Pickr, such as using a network of computers controlled as a group — a botnet — to send scam emails with different text and email addresses to avoid being picked up, while the now freely available security certificates have been used to make fake websites seem more legit. Unfortunately, a security lock in your browser bar doesn’t mean the website is real, only that the connection to its server is secure.
Both of these situations make for more problematic scenarios for users, because it’s clear the technology scammers use is evolving in the same way it is for everyone else.
“Today, artificial intelligence and machine learning is used to detect scams,” said Shabab.
“Lessons from the history of scamming suggest that the future scamming and phishing emails will be tailored to trick and mislead these systems,” she said.
“However, how effective their tricks could be would very much depend on the technologies used in these AI and machine learning systems.”
It means scammers may end up playing a regular game with users: as the technology we use to target scams improves, the approach scammers use to evade those technologies may also improve.
Not every scammer will be perfect, but many will improve, and so that regular approach to being aware of what you’re sent and not trusting every email that comes in will clearly be a tactic that can help keep you safe.
How do you know if you’re being scammed?
Scams change all the time, and while the ACCC reports more money lost over the phone, internet, and email, they are just a few of the ways scams can affect people.
So identifying when you’re being scammed is a critical part of how you defend against the future of scamming.
These days, many of the scams you’re likely to see will come from email and texts, typically purporting to be something else. A message from the bank, the postal service, or a social network you’re familiar with and possibly using are all standard approaches, but it could be anything. As long as you recognise who the message claims to come from, and it makes a connection with you, the user, there’s a chance you might fall for it.
“The main idea behind scam emails is to trick the user to enter their credentials in a fake website or provide sensitive information that should be kept private otherwise can be used later by a malicious actor to access sensitive information or bank accounts,” said Kaspersky’s Shabab.
“These emails mainly disguise a legitimate business and contain a link to a fake website or ask for users’ credentials.”
In scam emails and text messages to your phone, clicking the link is falling directly into a scammer’s trap, typically leading you to a fake site that looks legit, but is anything but. If the details look real, you may already be close to giving that website your real details. And that’s where things get bad.
If a website looks real and yet isn’t, handing your details over basically means handing your real information — password and all — to a team of people more than happy to take advantage of your situation. It can lead to huge ramifications, including loss of money and identity theft. It’s why it’s important to read emails asking you to click on things, and not to trust emails simply because they’ve been sent.
It may not be surprising to learn there’s an inherent expectation that no one would have your email address unless they needed it. Unfortunately, however, the web is a little more spread out than that, and with how many newsletter lists you’ve ever been subscribed to, coupled with information that gets sold behind the scenes or hacked into, there’s a strong likelihood someone has your email address whether you like it or not.
“For individuals, don’t trust every email or message you receive and provide sensitive information without first validating the identity of the email sender, the authenticity of the links that are provided in the email and also the nature of the request introduced by the emails,” said Shabab.
“For an organisation it’s crucial to deploy a security service which is able to detect and effectively stop phishing emails and scams sent to their employees,” she said.
What this adds up to is a recipe for a long term game that we may yet have to play with scammers.
You may just have to keep reading those emails, watching carefully, waiting for the day when email systems get better and phone inboxes become smarter, possibly coupled with AI and machine learning, whereby scams are no longer a threat because the software can work it out for you.
We’re gradually getting there with advanced spam filters, but some scams will still sneak through. Just because you have spam filters doesn’t mean that every message you get is real.
“Attackers are quite advanced these days, they constantly learn, adopt and also improve their techniques. On the other hand, the current AI and machine learning technologies used in scam detection are quite advanced and today having one such solution can pretty much detect even sophisticated scams,” said Shabab.
“However, considering the rise of the smart devices such as personal assistants used at homes and businesses, the attack surface for the scammers is getting larger which can make the future of protecting users from the scammers more challenging,” she said.
As always, it comes back to the standard tips you’ll see again and again for staying on guard against scams, including always taking care to read messages you’re sent before you click, checking who sent them, and whether the email address is as real as it suggests.
And if you’re not sure, call up the company using details you’ve obtained from a Google search for the real website, because it wouldn’t surprise us to see scammers faking those in an email, either.
Some scammers are very good at what they do, and while many are not and are known to include numerous spelling errors that make the emails seem less than real, others are just as solid.
It may take regular work and reading to make sure you don’t get fooled, but you always have another option: if an email or text is asking you to click something that you didn’t request (unlike a password reset you’ve triggered yourself), consider deleting it. That may actually be the safer option.