Phishing is when a scammer tries to trick people into giving away private information such as passwords, credit and bank card account details, and other financial information. They do this by pretending to be a legitimate company and then trying to convince a target to open a spam email, click on a dodgy link or go to a fake website.
As the years have gone by, online scammers have become more sophisticated, and one result of that is spear phishing. It is called spear phishing because of its narrow focus on a target. Unlike phishing, where the scammer hopes that someone will be foolish enough to fall for the con, spear phishers do their research to make themselves more convincing and more effective.
Spear phishers attempt to find out as much about their targeted victims as possible. They will most likely know your email address and perhaps a little bit about your personal life. They do this by scouring the internet for their target. Imagine all of the things that you have posted on social media over the years. If your privacy settings are not robust, a phisher can easily find out a lot about you. They can easily learn who your friends are, what businesses you use and the things you like. Spear phishers are likely to send their victims emails that are personalised and appear to be associated with either someone you know or a recent purchase you’ve made. Because the email appears to be from someone you know, you are less likely to be vigilant and more likely to give them what they want. If it claims to be from a business you trust and asks for urgent action on an order, for example, you are likely to act before thinking.
The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Bob" instead of "Dear Sir." The email may make reference to a "mutual friend" or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.
When using social media, always ensure that you use strict privacy settings. Even then, however, if a contact on your friends list has had their account compromised, the scammer may still be able to see your posts. Information gleaned from social media can allow a scammer to pose as a friend. Never give anyone your passwords or financial details over the internet, as you can never be too careful. If a friend does ask for passwords or other sensitive information, give them a call to verify that it is indeed them doing the asking.
How much information is out there about you that could be used to scam you? Your name? Email address? Friends' names? Their email addresses? Are you on, for example, any of the popular social networking sites? Take a look at your posts. Anything there you don't want a scammer to know? Or have you posted something on a friend's page that might reveal too much?
Education is the best way to counter the threat posed by phishers. Business leaders should sign up to and take PGI Cyber’s Cyber Security Awareness Course (CSA), which provides a comprehensive syllabus for protecting your own and your business’s online identity.