If you think ‘spear phishing’ sounds like an interesting arctic sport, perhaps you should think again. This type of phishing scam is a targeted attack aimed at one specific person: you. Fraudsters gather enough data from your online profile to send a personal email, often one that purports to be from a friend or work colleague. This person might appear to be sharing an article they think would interest you, or asking for a password to view your photos. You’d be surprised by how much hackers can learn just by trawling the internet; the email may include references to recent purchases or events you’ve mentioned on Facebook.
How does Spear Phishing Work?
Like every other phishing scam, the purpose of spear phishing is to steal personal data that can be used against you. If hackers can gain access to one of your online profiles, they’ll use the password and any details they find there to leverage other accounts, especially financial institutions or shopping sites that store your credit card information. Hackers may also collect confidential data that could damage your reputation if it were released. They could then use this information to extort money and blackmail you into giving them even more access. Our privacy protection packages at ReputationDefender can help safeguard against this type of threat, by analysing privacy weaknesses and reducing the amount of information thieves can find about you online.
Hackers will put even more effort into reeling in high-net-worth individuals who yield a big pay-off when they’re caught. This is known as ‘whale phishing’, spear phishing for so-called ‘big phish’. Whaling is aimed most particularly at CEOs and high-level executives who have access to financial accounts and confidential information about big companies.
Hackers will go to great lengths to compose an impeccably written email, mimicking the style and mode of address of someone known to the individual. Or they will copy a typical invoice so accurately it’s hard to tell the difference. The fake email will then direct the executive to download a document, visit a link, or even transfer money to pay a bill. Following the call to action will likely install malware that can steal passwords and download sensitive documents, effectively holding the entire company hostage.
Protect Yourself against Spear Phishing
Unfortunately, many people do fall for spear phishing scams, even CEOs who might be expected to be more cautious. Internet scammers often do such a good job of mimicking regular communication that it’s hard to tell the difference, especially if you’re a busy executive with a tightly managed schedule.
Follow these tips to avoid falling victim to spear phishing:
· Check the Address — If an email seems suspicious, compare the sender’s address with a real, verified email from that person. You’ll likely see very slight differences designed to pass unnoticed.
· Check the URL — If you’re asked to click on a link, take a close look at the URL. Does it match the format and domain you would expect from that person or company?
· Double Check the Person’s Identity — Even if the address seems correct, it’s worth taking the time to call the person or send a separate email to make sure they really are who they say they are.
· Use Secure Passwords — Never use the same or similar passwords for different accounts. This just makes it easier for hackers. If you have a lot of accounts, use a password manager to generate and store unique, un-guessable passwords.
· Enable Two-Step Verification — This isn’t a fail-safe, but it will make it harder for hackers.
· Use Privacy Settings — Make sure your Facebook profile and other social media accounts are set to ‘Friends only’. Sharing personal details publicly just makes you an easier target.
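
The ‘Check the Address’ and ‘Check the URL’ tips above can be partly automated. The sketch below is an added example, not code from this article or from ReputationDefender: it compares a sender or link domain against a short list of domains you have already verified and flags near-misses. The `TRUSTED` list, the function names and the sample domains are assumptions made for illustration, and the thresholds are heuristics.

```python
import unicodedata
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list: domains you have verified from earlier, genuine mail.
TRUSTED = {"example.com", "example.org"}

# Digit-for-letter swaps that are easy to miss at a glance.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold a domain so visually similar spellings collapse to one string."""
    folded = unicodedata.normalize("NFKC", domain).lower().translate(SWAPS)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, to catch an added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        if (skeleton(domain) == skeleton(t)       # examp1e.com, exarnple.com
                or edit_distance(domain, t) <= 2  # exampel.com, exmple.com
                or t in domain):                  # example.com.login.invalid
            return "lookalike"
    return "unknown"

def check_sender(from_header):
    """Classify the domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return classify_domain(addr.rpartition("@")[2])

def check_link(url):
    """Classify the host a link really points to (ignores any user@ prefix)."""
    return classify_domain(urlsplit(url).hostname or "")
```

A ‘trusted’ result only means the domain matches your list; it says nothing about whether the account behind it has been taken over, which is why the ‘Double Check the Person’s Identity’ tip still applies.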