Catches of the month: Phishing scams for November 2019

It’s easy to find advice online about how to spot phishing scams, but do you know how they work in the real world?

Our ‘catches of the month’ feature provides examples of recent phishing scams, showing you the latest tactics that scammers use and what you should do to keep yourself and your organisation secure.

So, what should you be looking out for this month?

The ‘word of honor hacker’ doesn’t keep his word

It’s one of the oldest tricks in the cyber criminal book: tell someone you’ve caught them watching porn and demand money for your silence.

This scam is a regular resident of spam folders, but it occasionally reaches recipients’ inboxes – and once that happens, there are lot of people with guilty consciences who are unfamiliar with sextortion scams.

The owner of, one of the latest to receive a blackmail threat, reported that 17 people had paid ‘the word of honor hacker’, the scam operator.

A 'sextortion' scam claims to have evidence that the recipient watched pornography.

An excerpt of the email sent to

But the criminal hacker’s word isn’t as golden as they’d have you believe. Why? They almost certainly don’t have any proof of your browsing habits or webcam footage of you.

Don’t get us wrong: it’s definitely possible to obtain such evidence, but that would require a sophisticated cyber attack, which would likely involve planting malware on the victim’s computer or exploiting a website’s API – both of which take time, resources and expertise.

And why go to all that effort when plenty of people will believe you based on an email alone? That’s how most phishing scams work: if the scammer sends enough emails to people imitating Amazon or Netflix or PayPal, they’re bound to hit a decent percentage of people who use those services.

Now consider the fact that you are much more likely to find a porn watcher than a Netflix subscriber.

The streaming service is expected to hit 9.5 million UK subscribers in 2020. By contrast, a Times survey from earlier this year found that 58% of people in the UK say they watch porn. That equals about 35 million people aged 16 and over.

As with all phishing scams, these messages are designed to make you panic. Although it’s understandable that you might prefer to be safe than sorry, you should know that there are almost no instances of scammers releasing their apparent evidence.

If you’re in any doubt about a scam’s legitimacy, try Googling a couple of sentences from the message to see if it’s part of a template. You can also browse scam forums (like Reddit’s r/Scams), where you’ll see testimonials from others who were put in the same position as you.

See also:

Alabama hospital employees give criminal hackers their account details

Hospitals are prime targets for cyber attacks because they hold vast amounts of personal data and are often underfunded, meaning few resources are dedicated to information security.

UAB Medicine, based in Birmingham, Alabama, became the latest facility to learn this, after criminal hackers conducted a phishing scam that gave them access to nearly 20,000 patients’ personal details.

The breached information includes patients’ names, Social Security numbers, medical record numbers, birth dates, the dates and locations of hospital visits, their diagnoses and the treatment that was given.

Despite the wealth of information that was compromised, the scammers appeared to be primarily interested in gaining access to employees’ payroll portals.

Their bogus email replicated the email address of a company executive, asking recipients to complete a survey.

UAB Medicine hasn’t discussed what the message looked like or how it worked, but the most likely explanation is that the attached form asked employees to enter their login credentials.

A similar scam occurred at Washington State University last year:

Scam email imitating Washington State University

The university explained to staff how the scam works

Once the UAB Medicine employees clicked the link and handed over their details, the attackers logged into the victims’ accounts and attempted to update the direct debit information to redirect payments into an account that they controlled.

Fortunately, the hospital prevented all attempts for these changes to be made – presumably thanks to a process that requires further confirmation after payment details have been updated.

We saw the benefits of a similar setup at a Texas-based healthcare facility a few months ago, with Wise Health System requiring hard-copy checks to be made whenever there was a change to direct deposit information.

If your organisation doesn’t already have a system like this in place, now is the time to implement one. While you’re at it, you should consider how well prepared your staff are for phishing threats, because a compromised account is still a data breach even if the fraudulent payment didn’t go through.

Spot a scam before it’s too late

You can find out more about the tactics cyber criminals use and how to spot them with our Phishing Staff Awareness E-Learning Course.

This 45-minute course uses examples like the ones above to explain how phishing emails work, the clues to look for and the steps to take to avoid falling victim.

Find out more