Inside the Mind of a Cyber Criminal: How Scammers Think and Adapt


May 15, 2025 - 18:10

Laura Kankaala, Head of Threat Intelligence, F-Secure

Cyber criminals have made scamming a trillion-dollar business. As technology and the internet evolve, so do scams, making them the biggest threat consumers face every time they go online or use their phone. While organizations have been trying to keep up with scammers by employing different types of cybersecurity approaches and frameworks, that same focus has been missing in consumer cybersecurity - until now.

The cybersecurity industry often focuses on specific instances of scams, like someone pretending to be Brad Pitt on a dating app, or a user accidentally clicking on a malicious social media ad. We also seem to focus a lot on the psychological aspects of a scam, like certain manipulation tricks that are employed. But putting too much focus on individual circumstances of scams can make the problem seem like whack-a-mole, with endless scenarios and unclear solutions. In reality, scams share common tactics—using similar techniques and tools to achieve their goals within a very distinct framework.

This framework can be applied to make sense of the threat landscape for everyday internet users. Originating from the military, the term ‘kill chain’ has been historically applied to cyber security. Now, given the threat level scams pose to consumer safety, it’s only fitting to extend it to cover scams targeting consumers too. While there’s no way to completely prevent cyber crime, applying this framework can offer a valuable way of understanding and mitigating the risks. It emphasizes the importance of understanding how these scammers operate, so that preventative measures can be developed and implemented across the industry.

Ultimately, you’ll find that there are eight distinct tactics that digital con artists use to choose, approach, and ultimately attack their victims within this kill chain. Beyond the tactics—or goals—it is clear there are techniques that scammers use to accomplish them. Here’s the framework that systematically breaks down tactics and corresponding techniques:

Reconnaissance: A collection of techniques scammers use to identify potential targets. Think profiling, phishing, social media scraping, purchasing private data on the dark web, etc.

Development: Techniques and tools available to develop the attack before contacting the victim. With AI and other tools now available to the public, scammers have become highly efficient and precise in using this tactic. Gone are the days when only the most technically proficient cyber criminals could pull this off—now, anyone with bad intentions and an internet connection can do it.

Contact: Techniques and the variety of digital tools available to establish contact with potential victims. Scammers contact potential victims more often than they realize, whether via text, email, phone calls, dating apps, call spoofing, or other methods.

Persistence: Techniques used to keep the scam going, such as using psychological manipulation tricks. Persistence is key when it comes to scammers gaining a victim’s trust and, ultimately, their money or personal data.

Access: Techniques to gain access to data or accounts. Sometimes, the victim unknowingly shares their information by misplacing their trust; other times, the scammer steals it with malware. In some cases, there may be no direct interaction at all—data is stolen through breaches or SIM swapping.

Exfiltrate: Techniques used to steal data from the victim. This includes C2 (command-and-control) servers, or direct control of the victim’s account through screen-sharing software or email forwarders.

Lateral Movement: Techniques and ways scams can spread further, for instance, to the victim’s contacts. The scammer will often try to ‘infect’ other victims by spreading the scam via text, email, social media, or another method. They may also compromise the initial victim’s other online accounts through Password Reset or Single Sign-On features.

Monetization: How the threat actors profit from accomplishing all or a subset of the previous tactics. This includes direct bank transfers, cryptocurrency, investment and Ponzi schemes, and selling their victims’ data.

This is just a brief overview of the extensive anti-scam knowledge detailed in the scam kill chain framework. By analyzing the framework, patterns in scams that may seem very different on the surface can be identified. For example, investment scams and romance scams often use similar techniques to get victims to invest in fake opportunities. Sharing information about the scam kill chain aims to support the anti-scam industry in its fight against digital fraud, because detailed research is crucial for developing effective defenses.