Life Cycle of a Scam chris October 17, 2024
resource

Life Cycle of a Scam

Understanding the scam lifecycle is important for creating a strong cybersecurity plan. This plan will protect your customers and your profits.

-2-0 CLOCK
Hours -2 to 0

Before First Invite Goes Out
Attacker sets up website and tests 27 minutes before first communication goes out to targets.

0-4 CLOCK
Hours 0 to 4

25% of Victim Visits Occur
Over the first 4 hours a quarter of the total scam victims will have fallen prey.

5-9 CLOCK
Hours 5 to 9

50% of Victim Visits Occur
Half of the victims have had their credentials stolen.

9 hours and 51 minutes

Anti-phishing ecosystem lists site as malicious.

Someone does not block access. Victims continue to engage.

Hours 10 - 18

90% of Victim Visits Occur.

At this point almost all victims have shared their credentials.

Hours 18 - 23

Last Victim Visit.

In less than 24 hours, someone steals the last victim’s credentials. This is typically where the lifecycle of a scam ends.

Impact After the First 24 Hours

Monthly Calendar

5 days, 14 hours, 48 minutes

First fraudulent transaction using stolen data.

7 days, 7 hours, 19 minutes

Compromised credentials found in “dump” on the dark web.

Related Articles