resource
Life Cycle of a Scam
Understanding the scam lifecycle is important for creating a strong cybersecurity plan. This plan will protect your customers and your profits.
Before First Invite Goes Out
Attacker sets up website and tests 27 minutes before first communication goes out to targets.
25% of Victim Visits Occur
Over the first 4 hours a quarter of the total scam victims will have fallen prey.
50% of Victim Visits Occur
Half of the victims have had their credentials stolen.
9 hours and 51 minutes
Anti-phishing ecosystem lists site as malicious.
Someone does not block access. Victims continue to engage.
Hours 10 - 18
90% of Victim Visits Occur.
At this point almost all victims have shared their credentials.
Hours 18 - 23
Last Victim Visit.
In less than 24 hours, someone steals the last victim’s credentials. This is typically where the lifecycle of a scam ends.
Impact After the First 24 Hours
5 days, 14 hours, 48 minutes
First fraudulent transaction using stolen data.
7 days, 7 hours, 19 minutes
Compromised credentials found in “dump” on the dark web.
Related Articles
-
How Fraudsters Are Outsmarting Traditional DefensesSmaller banks face a surge in cyberattacks. Learn why mid-sized institutions are now... -
Why Smaller Banks Are the New Bullseye for CybercriminalsSmaller banks face a surge in cyberattacks. Learn why mid-sized institutions are now... -
Generative AI is Powering FraudLearn how fraudsters leverage generative AI to scale attacks using deepfakes, phishing, and... -
Account Takeover (ATO) Fraud 2025Brand impersonation attacks are escalating rapidly, particularly targeting community banks and credit unions.... -
PsyOps of Phishing: A Wolf in Shepherd’s ClothingI am sure we all have encountered CAPTCHA while browsing the internet. “Verify... -
SharkBot Trojan Embedded in Mobile Banking ApplicationDuring a recent partner mobile malware scan, Allure Security identified a rogue mobile...