Scam communications: Cutting through the noise

Scam communications are a threat for both businesses and private individuals worldwide, especially as they continue to grow in volume and sophistication.

However, the sword of Damocles hanging over the matter requires a careful balance between analysis paralysis and brash action. For Alistair Farrugia, Senior Regulatory Analyst (Market Operations) at the Malta Communications Authority (MCA), the secret lies in widespread awareness and education.

“While scams are ever evolving, and no combination of solutions is available or possible to eradicate them, heightened awareness will help businesses and private individuals learn more about the threats that may be lurking behind that suspicious phonecall, email or link,” explains Mr Farrugia from the outset. “While trusting blindly can land you in hot water, a crippling sense of anxiety can hinder an organisation’s operation just as badly.”

Mr Farrugia brings with him a decade’s experience at the MCA, having first worked in innovation, before moving to regulation, where he witnessed scam communications evolve at close range.

“By leveraging advances in electronic communications networks and services, AI, as well as deploying increasingly creative attempts at number spoofing, the level of sophistication used by scammers has escalated dramatically in recent years. This is not merely an issue of fraud; it is a challenge that undermines trust in legitimate communications and threatens the ability of businesses to reach their audiences effectively,” he expounds.

Mr Farrugia notes that while private consumers are typically targeted more frequently simply because there are more of them, businesses are far from exempt. Some scams are specifically designed to infiltrate business systems and procedures, relying on psychological tactics and manufactured urgency to push unsuspecting individuals to make ill-advised decisions.

“For example, what is referred to as CEO email fraud relies on the power-dynamic that would exist between a member of senior management and their team members. An employee would receive an unexpected instruction, often a request from a senior such as a CEO to make some urgent, large-scale purchase using company funds. While the employee would be rushing to fulfil their senior’s request, they wouldn’t be aware that the CEO would be completely in the dark of such an order, since the email would have been generated from a spoofed email address,” Mr Farrugia illustrates.

“Similarly, employees could also receive an instruction from a supplier via email, asking them to amend payment details, update supplier information, or perform an unusual transfer. These messages can look very convincing, which is why employees can fall victim to such scams very easily,” Mr Farrugia continues.

“In both cases, employees would do well not to rush into action and verify such requests with their superior, the supplier or relevant party using a second trusted channel before taking action, such as over the phone or in person if that is an option. Failure to do so could expose the organisation to operational disruption, data compromise, significant financial losses as well as regulatory repercussions if customer information is affected.”

Yet beyond these immediate risks, the other side of the coin is that the proliferation of scams has created a second, more subtle challenge, referred to as noise. “As the public grows increasingly desensitised, legitimate communications risk being misread as suspicious. A routine announcement or marketing message may be dismissed simply because it resembles the tone, structure or urgency associated with a scam. For businesses, this can translate into lost engagement, reduced response rates, and a breakdown in the kind of trust that underpins customer relationships,” Mr Farrugia warns.

“Businesses must therefore be extremely careful about how they communicate. The classic red flags of scam messaging: urgency, ambiguity, alarmist language, shortened URLs, or an impersonal tone, should actively and consciously be avoided. Genuine messages that mimic these patterns, even inadvertently, can be mistaken for fraudulent attempts. Sensitive tasks, such as requesting customers to update personal details, passwords or payment information, should be handled with heightened care. Approaches that suggest imminent service disruption or blocked access can backfire, triggering suspicion rather than cooperation.”

Mr Farrugia explains how a practical way for businesses to mitigate this threat is using multiple channels. “By informing the public through broad communication channels such as TV and radio, or through their official website, and in good time of determinate changes or other sensitive requests, organisations can prepare their audience before sending the targeted messages. This reduces the likelihood of important communications being misinterpreted as scam attempts.”

Furthermore, businesses play a crucial role once a scam occurs, particularly when a victim approaches them because scammers have impersonated their brand. “How an organisation handles such a moment can define its relationship with that customer,” Mr Farrugia cautions.

“Advising victims to file the necessary reports, helping them understand the extent of any potential exposure, and providing clarity on whether their accounts, details or balances held with the business were affected can make a significant difference. Empathy is essential, and so is avoiding the tempting, yet hugely counterproductive instinct to play the blame game. People are often the primary vulnerability exploited by scammers, and understanding this can help businesses support victims while strengthening long-term trust.”

Ultimately, awareness remains paramount throughout the entire equation. “While public understanding is improving, underreporting remains an issue. There is no such thing as too much awareness,” Mr Farrugia stresses, “because scammers are extraordinarily inventive and continue to deploy their intelligence in the most creatively harmful ways. The MCA publishes ongoing guidance and information online to help the public stay informed, and businesses are encouraged to come forward and contribute actively to this national awareness effort, especially those sectors that are most frequently targeted.”

From a regulatory perspective, the MCA’s role in combating scam communications is both to raise awareness, as well as mandating and overseeing the implementation of measures to reduce the incidence of telephony-based scams. “One significant development followed from the introduction of anti-scam call blocking measures locally, back in November 2024, effectively stopping scammers from placing calls from abroad using spoofed Maltese fixed numbers. Up to the end of November this year, close to 800,000 phone calls were blocked through these measures,” Mr Farrugia recalls. “This practical action helped restore confidence in fixed-line telephony, benefiting both consumers and the businesses whose numbers were being misused.”

The primary message Mr Farrugia and the MCA have for the public and businesses is that vigilance must remain constant. This is the best form of protection against scammers. “Neither businesses, nor private consumers should ever rely on a single source of truth when making critical decisions. Training and awareness remain just as important as technical safeguards. Technology can strengthen an organisation’s defences against external attacks, but people remain the most fragile point of any system. That is why they are also the greatest opportunity for prevention when properly informed,” Mr Farrugia concludes.