How Do Information Seeking Scams Work?

A scammer’s intent is information theft, and they try to extract it by tricking recipients of emails. The information they collect could be an organization chart – or as significant as usernames and passwords to corporate resources.

First, attackers collect email addresses – from public postings, social sites and guesses at a company’s email address format, such as a.lastname@company.com. Next, they email a compelling offer, pretend to be a service provider, or try to impersonate the IT team among other tricks.

In most cases, this information seeking scam is a very convincing and short text-only message – for example: “Your mailbox has reached the enterprise limit, click here or reply to this email to request an increased mailbox size from IT if required”, to much more sophisticated, “I’m an administrator for your company’s benefits program and am contacting you to take a look at the changes we will be soon making to the program, click here to see the details before we schedule a quick call to discuss.”

Some recipients who do fall for these information seeking scams will reply to the offer, and sometimes it also results in an actual conversation between the user and the attacker that will lead to an innocent but significant request if a two-way dialogue is entertained by the user.

La Formazione sulla Cybersecurity Inizia Qui

Inizia una Prova Gratuita

Ecco come funziona la tua prova gratuita:

  • Parla con i nostri esperti di sicurezza informatica per valutare il tuo ambiente e identificare la tua esposizione al rischio di minacce
  • Entro 24 ore e con un minimo di configurazione, implementeremo i nostri strumenti per 30 giorni
  • Prova la nostra tecnologia in prima persona!
  • Ricevi un rapporto che delinea le tue vulnerabilità di sicurezza per aiutarti a prendere subito provvedimenti adeguati contro gli attacchi alla tua sicurezza informatica

Compila questo modulo per richiedere un incontro con i nostri esperti di sicurezza informatica.

Grazie per esserti registrato per la nostra prova gratuita. Un rappresentante di Proofpoint si metterà in contatto con te a breve, guidandoti nei prossimi passi da seguire.

How Can I Protect against Information Theft?

User education is a good step. Additionally, look for an email gateway with a machine-learning function and real-time IP reputation scanning. Ability to detect suspicious language and sender aspects is key. Solutions must also be capable of separating such scams from the user-releasable quarantine to avoid any risks of users getting access to such kinds of phish.

Pronto a provare Proofpoint?

Inizia la tua prova gratuita di Proofpoint.