Cyber scams aren’t always clumsy typos and obvious red flags anymore. The bad guys are getting more creative—and more convincing. Here are some of the sneakier tactics we’re seeing lately, and how to protect your business (and your inbox).
1. Lookalike Domains
Spammers register fake domains that look nearly identical to real ones.
- Example: rnicrosoft.com (with an “r” and “n”) instead of microsoft.com
- This is especially dangerous when paired with fake login pages or fake invoices
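A mail filter or triage script can catch this kind of substitution automatically. The following is an added example, not code from the original post; the protected-domain list, the substitution table and the two-label registered-domain rule are assumptions made for illustration.

```python
# Added example: flag sender domains that imitate a domain you care about.
# PROTECTED and CONFUSABLES are illustrative assumptions, not a complete list.
PROTECTED = {"microsoft.com", "docusign.com", "dropbox.com"}
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse character sequences that read alike into one canonical form."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address):
    """Return (verdict, imitated_domain) for an email address or bare domain."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # Assumption: the registered domain is the last two labels. Real code
    # should consult the Public Suffix List (e.g. for names under co.uk).
    base = ".".join(domain.split(".")[-2:])
    if base in PROTECTED:
        return ("ok", base)
    for real in sorted(PROTECTED):
        if skeleton(base) == skeleton(real) or edit_distance(base, real) == 1:
            return ("lookalike", real)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ["billing@rnicrosoft.com", "alerts@login.microsoft.com",
                   "hr@dropb0x.com", "sign@docusgn.com", "news@example.org"]:
        print(sender, check_sender(sender))
```

A "lookalike" verdict is a prompt for review or quarantine, since a legitimate domain can sit one character away from a protected name.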
2. The “Impressed With Your Work” Email
These come from someone claiming to admire your business or personal work—but the goal is to get you to click a malicious link or open a malware-loaded attachment.
- Common phrases: “I saw your portfolio”, “Let’s collaborate on a project”, etc.
3. Fake Calendar Invites & Collaboration Requests
Attackers will send fake Google Drive, Dropbox, or DocuSign links that appear to come from coworkers or vendors. One click can give away credentials or infect your device.
4. Business Email Compromise (BEC)
Scammers pose as a trusted contact—like your boss, finance director, or even a vendor.
- They often ask for gift cards, wire transfers, or confidential data
- Requests may seem urgent, casual, and unusually short to avoid suspicion
5. QR Code Traps
QR codes in emails, on flyers, or even in public places can lead to phishing sites or trigger malware downloads.
- Holiday shoppers beware: QR codes on “limited-time deal” signage are a common scam vector
6. Fake Job Offers
Scammers pose as recruiters or HR reps and offer roles that seem too good to be true.
- Targets are often asked to fill out forms, buy equipment, or click to “accept” their offer
7. The Shared Corporate Document Scam
You get a file-sharing email that looks like it’s from a colleague or leadership team member.
- Instead of a document, the link leads to a fake login page or download
8. AI-Generated Impersonation
Deepfake audio, AI-generated writing, or spoofed caller IDs are making it easier to mimic real people.
- We’ve seen cases where voicemail messages sound like your CFO—but aren’t
What You Can Do
- Hover before you click: Always inspect URLs and email addresses
- Verify out-of-band: If you get an odd request from a coworker, call or message them another way
- Use multi-factor authentication: Adds an extra layer of defense
- Update your security training: Today’s attacks look nothing like last year’s
- Talk to your IT team: Make sure reporting suspicious messages is easy and encouraged
Scammers are evolving. Your defense strategy should too.
Need help updating your security awareness or phishing protection tools? Let’s talk.