How Spear Phishing Email Scams Target You Personally
Every day we are faced with new attacks on our computers, networks and personal information. One increasingly popular attack method has been labeled spear phishing.
Chances are, you’ve heard of the term phishing already. In case you are not familiar, however, just understand that traditional phishing is a numbers game. Large volumes of email are sent out to unsuspecting victims with the intent of tricking them into doing something that will compromise their security or finances. However, spear phishing is a more advanced form of phishing. In fact, this time, cybercriminals are making it personal.
What is spear phishing?
Spear phishing is more targeted to the individual. Attackers scour the Internet looking for information about certain individuals. They use that information to create a personalized email sent directly to one individual. The email is crafted to look like it is coming from someone you know and trust. Typically, the email will contain a link to a program or website that will attack the victim’s computer or steal private information.
These links may take you to a website where you will enter private information that can be used to damage you. These Web forms may include requests for account information, passwords, bank account numbers or other personal information.
What can you do to protect yourself?
Currently, these attacks are being directed at large organizations. These organizations have large IT budgets and are more prepared to deal with such attacks. Yet they are still falling victim to them. Therefore, it will not be long before attackers turn their attention to less tech-savvy small and medium-sized businesses.
The best defense is to be careful when opening any email. Many computer users have been trained not to open emails from people they do not recognize. This new attack, however, makes it necessary to be diligent with every email. Carefully study the sender’s email address and read the entire email body. One clue is the sentence structure of the email. Bad grammar, typos, and a weird or mismatched tone (too casual or too formal) are all warning signs. If it’s from a sender you have received emails from before, such as your bank, compare the email to previous ones that you are certain are legitimate to flag any discrepancies.
One of the biggest tip-offs is the links themselves. Any link in an email should be treated with suspicion. Do not hesitate to contact the sender and ask them about the link. If you do go to a site that asks for personal information, be careful. Do not go to the site through the link; instead, open a browser window and search for the site, or enter through your existing bookmarked portal if it is something like your bank or online shopping account. If the site you visit does not use encryption, then you probably need to leave. You can tell by checking whether the address begins with HTTPS:// rather than HTTP://. The former means the site uses encryption to pass data.
Overall, your best weapon to defend against these attacks is education and vigilance. The last line of defense is you sitting in front of your computer.
March 9, 2016 / By: Leah