Routing Number : 311376753

What You Need to Know About “Spear Phishing”

Have you heard about the dangers of “spear phishing?” Here’s what you need to know to protect confidential information and company data from this insidious form of phishing.

What Is Spear Phishing?

“Spear phishing” describes a targeted attack aimed at a specific individual with the intention of gaining access to their system or stealing sensitive information. This kind of cyber-attack is on the rise and can take you by surprise because it is easy to overlook a spear phishing email.

Disguised as Something Familiar

“Phishing” is a con game in which scammers use spam, malicious websites, and online messages to trick people into divulging sensitive financial or personal information. Unlike a standard phishing attempt, which casts a wide net in hopes of catching something, “spear phishing” is designed for one target and specifically tailored not to arouse suspicion.

The FBI website states, “The emails are ostensibly sent from organizations or individuals the potential victims would normally get emails from, making them even more deceptive.” Since you think you are familiar with the sender, you may be less vigilant and more apt to click on a link or download an attachment.

Getting to Know All About You

Spear phishing works by using your web presence against you. An angler looking to spear-phish will troll social networking sites like LinkedIn or Facebook and follow your web presence to find out your interests and groups you belong to. The scammer can easily get your email address, trace your friends list, find out which businesses you frequent, and more.

Using this information, the cyber criminal will create a spear phishing email that spoofs the name of a person or business you will recognize. It may even reference a recent conversation, purchase, or group event. Since the email seems legit, you might start following a link or downloading a file, which will give them access to your sensitive data, including usernames and passwords.

Spear Phishing vs. Whaling

Spear phishing targets an organization or individual with a very specific message in hopes of gaining access. Someone at any level of an organization can be the victim of a spear phishing attack, which can introduce malware into a system or leak sensitive data without the victim being aware they are the breach in email security.

When spear phishing attacks are used against C-suite level business people, it is sometimes called “whaling.” By focusing on a specific target and learning everything publicly available, whalers try to penetrate to the highest levels of access and security within a company. Imagine the digital power of a CEO or CFO in finance, retail, manufacturing, or any other industry falling into the wrong hands.

The most sophisticated phishing attempts might use machine learning algorithms to scan through massive amounts of data, identify potential victims with a digital presence, and gather information on the high-level individuals the attackers most want to target. Hijacking an email account at the lower levels of an organization can even help the scammers gain access to the higher-level individuals they will ultimately target.

Preventing a Spear Phishing Attack

Be aware of how much you share on social media and keep a keen eye out for suspicious emails, texts, or phone calls. Some ways to spot a spear phishing email include:

  • The email address is incorrect, but close to a known email address.
  • The message is usually urgent or tries to instill a sense of panic.
  • It refers to things like password changes, access codes, account numbers, or PINs.
  • There may be spelling or grammatical errors, or the language used will seem wrong for the source.
  • The email contains links that don’t match the domain of the email address.
  • It includes attachments that were not requested and which are vaguely named.

Steps you can take at the individual and organizational level to prevent spear phishing are:

  1. Check the email address and name of the sender. Set up your email to show you both the user’s name and their email address, to avoid trusting an email based on the name of the sender only. Even the email address may be similar, with one letter changed or a number added. Some systems will warn you that a sender is not in your contacts. If this happens with a familiar name, that is an immediate red flag.
  2. Check the email format. If it does not look properly formatted, lacks signatures or security language, or in general does not match the style and layout of other emails from that sender, it may be a phishing attempt.
  3. Make a phone call. If anything smells “phishy” to you, pick up the phone and call the person, using your own contact list and nothing from the email itself. Ask the person if they sent you this email and why.
  4. Start your own email chain. If something seems wrong with the request, start a new email string and make sure that you are using the correct email address. Do not forward or include any attachments or links from the suspicious email. Confirm with the recipient whether they are sending you links or attachments and why.
  5. Verify links. Hover over any links in an email, which should display the destination website even if it is different from the text with the hyperlink. Watch for suspicious redirects or names that do not make sense. Alternatively, use your own bookmarks to go to a trusted website, not the links sent to you in emails.
  6. Scan all attachments. Attachments can include malware that is itching to install itself on your system and can give the attacker ongoing access behind your back. Scan all downloaded files and attachments before opening. If their method of arrival gives you any reason to be suspicious, don’t open them at all. It is always a fine idea to reach out to the supposed source and ask what an attachment is before letting it onto your system.
  7. Vary your passwords, keep your security software up to date, and comply with your organization’s security advice when it comes to internal and external emails, texts, phone calls, and downloads. Report any suspicious emails to your IT department, manager, or supervisor.
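
Two of the signs listed above (a sender address that is close to, but not the same as, a known one, and links that do not match the sender's domain) can be checked automatically, as in steps 1 and 5. The following is an added example, not part of the original article; the known-domain list, the threshold of two character edits, and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this recipient normally receives mail from.
KNOWN_DOMAINS = {"supplier.example", "bank.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains with a letter changed or added."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def check_message(raw, known_domains=KNOWN_DOMAINS):
    """Return a list of warning strings for one raw, single-part HTML message."""
    msg = message_from_string(raw)
    _name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    if sender_domain not in known_domains:
        # Not a known sender: is it within two edits of one we do know?
        near = [d for d in sorted(known_domains) if edit_distance(sender_domain, d) <= 2]
        if near:
            findings.append(f"lookalike-sender:{sender_domain}~{near[0]}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        host = (urlparse(href).hostname or "").lower()
        # Flag links whose host is neither the sender's domain nor a subdomain of it.
        if host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(f"link-domain-mismatch:{host}")
    return findings

# Constructed sample message (not from the page).
SAMPLE = ("From: Accounts <billing@supp1ier.example>\nContent-Type: text/html\n\n"
          '<p>Urgent: <a href="http://portal.invalid/reset">reset your PIN</a></p>\n')
```

A finding here is a reason to verify by phone or a fresh email chain, not proof of fraud: legitimate senders often link to third-party domains, and very short domain names can fall within two edits of each other by coincidence.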

Working Together to Stop Phishing and Cyber-Crime

The FBI, the U.S. Secret Service, and local law enforcement investigate and prosecute criminals for spear phishing attacks. If you or your company is targeted, reach out to law enforcement for further action. By taking smart steps with your personal information and keeping a suspicious eye on new contacts, you can help protect yourself and stop these crimes before they worm their way into your life.

At The People’s Federal Credit Union, we work hard to help our members secure their financial future with services and products tailored for Texas residents. With affordable auto loans, home loans, and credit enhancing programs, TPFCU is your trusted partner in financial security.
