Monday, July 10, 2017

What is Spear Phishing and How Can You Stop It

If you have spent any time online, you have probably seen your fair share of fraudulent emails. From free offers on the latest wonder drug to information about the newest miracle diet, these emailed come-ons are everywhere, and clicking on them could compromise your security, or even your identity.

These phishing attacks have been around for quite some time, so long that many users have learned how to tune them out. With so many online users deleting, or simply ignoring, these run-of-the-mill phishing emails, scam artists have ramped up their efforts even more, and the result is an emerging threat called spear phishing.

As the name implies, spear phishing is a form of phishing attack, but it is highly targeted and can be much harder to detect. Instead of sending out millions of identical emails touting the latest miracle diet, spear phishing attacks target a much smaller audience.

Using emails that appear to come from a reputable source, like an employer or trusted friend, these spear phishing attacks seek to evade spam filters and jaded internet users alike. Even savvy computer users have been fooled, and if you do not know what to look for, you could be the next victim.

One of the things that distinguishes spear phishing from its less sophisticated counterpart is its level of personalization. Instead of the standard Dear Sir or Dear Madam, the scammer on the other end of the spear phishing attack calls you by name. The attacker may even know where you work, or the names of people in your network.

That personalization can throw even the sophisticated user off guard and cause them to lay down their defenses. That is why it is so important to review any incoming messages carefully, looking for signs that the person or organization on the other end is not who they claim to be.

From obvious mistakes like spelling errors and grammatical problems to company logos that just do not look right, there are a number of things to watch out for. Users should also be wary if the message asks for personal information like account numbers of Social Security numbers - these are things that should never be sent via email.

Last but not least, if you have even the slightest suspicion that a genuine-looking email is actually a spear phishing attack, contact the supposed sender to verify its authenticity. You can never be too careful in this world of rampant identity theft, ransomware attacks and other online dangers.

As with any online threat, prevention is the best defense. Spear phishing scams often use the information people post online against them, creating convincing messages that can fool even the most vigilant. If you want to protect yourself, take a few minutes to review your online presence, including information you have already shared. Sharing your email address, or the email addresses of friends and family, online can be quite dangerous, as can revealing personal details, like pet names, birthdates and the names of your children. Since these details are often used as challenge questions and in online profiles, sharing them on social media could put you at risk and open you up to the threat of spear phishing.

Spear phishing is not going away any time soon, and the best defenses are vigilance and common sense. Be wary of requests coming in through email, watch what you share and trust your intuition. Think before you click, and use your own common sense to protect yourself, your identity and your data.

Robert Blake
www.bitxbit.com
800.860.5831 x190