The most successful method of obtaining confidential information on the internet is by using a scam known as spear phishing. This is a targeted attempt against a specific victim, usually for malicious reasons.
The attacker will disguise himself or herself as a trusted friend or organization and often has enough personal information on the victim to come across as legitimate. Employees of financial organizations are frequently the targets of spear phishing attempts in which wire transfers are requested from a seemingly familiar source. Constant vigilance is necessary to prevent these attempts.
Phishing vs. Spear Phishing
While spear phishing has some things in common with phishing, there are also some differences. Phishing is an attempt to coerce victims into sharing confidential information such as usernames, passwords, SIN or credit card numbers. Phishing attacks are typically sent to large numbers of people with the expectation that at least some of them will click on a link or download a file that contains malware.
Spear phishing is much more personalized. The attacker targets a specific victim and takes the time to get to know as much personal information as possible in order to be able to fool the victim into believing the attack isn’t anything to worry about. Spear phishing attacks are usually harder to identify than phishing attacks.
Protecting Yourself from Spear Phishing
Always keep in mind that any email you receive could be a spear phishing attempt. Hackers may obtain domain names that differ by one letter from the valid domain, making it difficult to realize an email isn’t legitimate. Avoid opening suspicious emails or clicking on links in emails.
Organizations can reduce the chance of a targeted attack by keeping software such as web browsers, PDF readers, word processing software, and the computer’s operating system as up-to-date as possible. Wherever possible, automatic software updates should be enabled. Software updates typically include security updates that should help to protect you or your organization from most attacks. Email filtering technologies, firewalls and data loss protection technology are other methods of protecting sensitive data.
Remember to change passwords frequently, and to use passwords that are difficult to guess. The tendency to reuse simple passwords can make you an easy target, and if you use the same weak password in multiple places, you’re increasing the chances that you could be targeted in several different places.
Members of your organization should be trained to be aware of possible threats and to be suspicious of out-of-the-ordinary emails or attachments. By being vigilant and cautious, you can help to avoid being hacked in a spear phishing attack.