Follow us on our LinkedIn company page   Follow us
Resize font  
Call us now on 0845 600 4403
 Cyber Incident Helpline +44 (0)1454 451801

12 Days of Cyber – What is Phishing and Spear Phishing

 19th December 2015

Not to be confused with the sport of fishing, phishing is the name of a strategy employed by conmen operating online.

Phishing is when a scammer tries to trick people into giving away their private information such as passwords, credit and bank card account details and financial information. They do this by pretending to be a legitimate companies and then trying to convince a target to open a spam email, click on a dodgy link or go to a fake website.

As the years have gone by online scammers have become more sophisticated and a result of that is spear phishing. It is called spear phishing due to its narrowed focus on a target. Unlike phishing where the scammer hopes that someone will be foolish enough to fall for the con; spear phishers do their research to make themselves more convincing and more effective.

 What to Look Out For

Spear phishers attempt to find out as much about their targeted victims as possible. They will most likely know your email address and perhaps a little bit about your personal life. They do this by scouring the internet for their target. Imagine all of the things that you have posted on social media over the years, if your privacy settings are not robust then a phisher can easily find out a lot about you. They can easily learn who your friends are, what business’s you use and the things you like. Spear phishers are likely to send their victims emails that are personalised and be associated with either someone you know or a recent purchase you’ve made. Because the email appears to be from someone you know, you are less likely to be vigilant and give them what they want. If it claims to be from a business you trust asking for urgent action on an order for example, you are likely to act before thinking.

The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Bob" instead of "Dear Sir." The email may make reference to a "mutual friend." Or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.

Make sure to set your social media to private

When using social media always ensure that you use strict privacy settings. Even then however if a contact on your friends list has had their account compromised the scammer may still be able to see your posts. Using information gleaned from social media can allow a scammer to pose as a friend. Never give anyone your passwords or financial details over the internet as you can never be too careful. If a friend does ask for passwords or other sensitive information give them a call to verify that it is indeed them doing the asking.

How much information is out there about you that could be used to scam you? Your name? Email address? Friends' names? Their email addresses? Are you on, for example, any of the popular social networking sites? Take a look at your posts. Anything there you don't want a scammer to know? Or have you posted something on a friend's page that might reveal too much?

Education is the best way to counter the threat posed by phishers. Business leaders should sign up to and take PGI Cyber’s  Cyber Security Awareness Course (CSA) which provides a comprehensive syllabus for protecting your own and your businesses online identity. For more information click here.  

For the latest PGI updates like our pages on LinkedIn – PGIPGI Cyber and Facebook – PGIPGI Cyber

 

 

Call us now

Call us now to discuss your requirements with one of our consultants.