Conversational scams were the fastest-growing abuse trend in 2022. Mobile messaging is highly susceptible to this type of scam as users open and read 98% of their texts within three minutes of receipt, according to data collected by Dexatel. And that opens the door to a conversation with scammers.
Adam McNeil, Senior Threat Research Engineer at Proofpoint, gave members of the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) a comprehensive overview of this type of scam at the February 2023 general meeting. He described the threat landscape relative to conversational scams in mobile messaging as the “Wild West.”
Understanding conversational scams can help consumers, companies, and security professionals identify and stop them.
What Are Conversational Scams?
McNeil explains conversational scammers start a dialogue with their target to build trust, then send a link that leads to malware or phishing.
The scammer leverages a conversational tone to get their target to drop their guard and give up information that may enable access to data or money.
These scams can pop up not only in SMS messaging, but in social media and other online communities.
The Tactics Used by Conversational Scammers
The scammer begins by sending an unsolicited SMS message written in a friendly manner. This leads the target to wonder if he or she knows the scammer through a business or personal connection.
Scammers may impersonate an executive from the target’s company or a recruiter offering them a job. They may appeal to the target’s emotional side, suggest a romantic liaison, or promising easy money by investing in cryptocurrency.
The target believes the conversation has value. With the hook in, the target becomes a victim. The scammer sometimes offers to move the conversation to an encrypted chat and request more information or money.
These scams result in lost money, shame, embarrassment, and further extortion. While older users are more receptive to these scams, victims can be of any age. The explosion in artificial intelligence (AI) capabilities and the implementation by attackers will only speed up these kinds of scams by automating, refining and improving the scammers’ pitches.
On the positive side, AI can analyze enormous volumes of data that will enable real-time classification of scammers and their methods. The analysis of scamming behaviors at scale may improve fraud detection and blocking methods for everyone.
How M3AAWG Can Help
As these scams continue to evolve, McNeil noted that sharing data and collaborating with groups such as M3AAWG will be important for identifying trends and preventing scams.
As part of its fight against abuse, M3AAWG offers several guidance and recommendation tools for the industry here (https://www.m3aawg.org/published-documents) and on public policy (https://www.m3aawg.org/for-the-industry/published-comments) related to security, networking, infrastructure, and more.
M3AAWG also welcomes topics for future meetings, including the 58th meeting in June 2023. See here (https://www.m3aawg.org/events/call-for-proposals) for the form and info.