In case you missed the memo, we are in the midst of cybersecurity awareness month – your annual opportunity to ponder why you still use the same password for every online service and can’t be bothered paying for antivirus software.
As the late Nigel Latta told me a couple of years back after he’d made a documentary about online scammers, we are our own worst enemy when it comes to cybercrime: “95% of it relies on us doing something,” he said. “If we click on the link, if we give over our personal information because the person on the phone sounds convincing and they say they’re from the bank, then at some point, you know, there is a personal responsibility in the stuff.”
He was right. But there was a time when scams were easier to spot – the badly written requests for urgent wire transfers or the dodgy-looking web address masquerading as your bank’s landing page.
Modern scammers have learnt new tricks. They pose as couriers, banks, government agencies or loved ones in trouble. They use spoofed numbers, cloned websites and even voices and faces generated by artificial intelligence. Every ping of a message or ring of the phone carries a whisper of doubt. Can I trust this? Is this real? It’s too much for us to filter out by human intuition alone.
Into this maelstrom steps Trend Micro, one of the world’s more established cybersecurity players, with a new weapon called ScamCheck. Available as a mobile app, it promises to scan your text messages and phone calls in real time, using AI to detect and flag potential scam attempts. If a text contains a suspicious link or a call seems likely to be spoofed, the app warns you before you click or answer.
For an annual subscription of $79 for one device, it sounds like a welcome bit of armour for weary consumers in an environment where digital trust has eroded almost completely.
To its credit, ScamCheck, does what it claims to do – at least, most of the time. It can highlight dodgy-looking messages before they do harm. That could help prevent a devastating phishing attack or bank account compromise.
The most useful feature lets you take a photo or screen grab of a suspicious-looking email or text message and have ScamCheck’s AI analyse it to determine whether it is legitimate.
A deep fake scanner lets you tap a button during a video call to check for AI face-swapping scams. Yes, that is now a thing.
The concept is solid. But like so many pieces of reactive technology, the execution is less elegant. ScamCheck feels tacked on, an extra layer atop the phone’s operating system rather than something seamlessly built into it.
For instance, it needs to become your default SMS app to screen your incoming messages, and its interface isn’t as good as the one on my Android phone.
The app makes users jump between screens to check scan results or adjust settings. It’s the sort of experience that will deter the very people who most need this kind of protection.
The fact that users have to install yet another app to protect against fraud reveals the uncomfortable truth that our devices and digital services aren’t secure by default. We’ve created a vast, interconnected digital economy, and then outsourced much of its safety to third-party patchworks like ScamCheck.
True progress will come when security isn’t something we have to bolt on but is woven invisibly into the design of the technologies we trust every day.
Until then, apps like ScamCheck are the best we’ve got, but they’re also a reminder of how far the industry still has to go.
