What is Spear Phishing

Phishing is a scam in which the attacker tries to obtain sensitive information such as logins, passwords and payment card details by pretending to be a trustworthy organisation, e.g. your bank, your local council or a major retailer.

This kind of attack is usually carried out by email or instant messaging and often directs the user to enter confidential information at a fake website, which looks identical to the expected legitimate site.

When phishing is targeted at specific individuals or companies, then it is called “Spear Phishing”.

How Spear Phishing Works

For example, an email arrives claiming to be from a trustworthy source, and the sender knows your full name, job title and department. The scammer has done their homework to get this information about you to give the scam a higher chance of success.

A link in the message takes you to a bogus website made to look like the expected website.

The fake website looks legitimate but only exists to take the user's confidential information and pass it to the scammer.

These emails often use clever tactics to get victims’ attention. For example, the FBI has warned of spear phishing scams where the emails appeared to be from the National Centre for Missing and Exploited Children.

Cyber criminals employ individually designed approaches and social engineering techniques to effectively personalise messages and websites. As a result, even high-ranking targets within organisations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cyber criminals to steal the data they need in order to attack the organisation's networks.

How to Protect Yourself

Attackers use various social engineering techniques that leverage recent events, work-related issues, and other areas of interest pertaining to the intended target. Don’t publish any private information about yourself.

Training employees to spot misspellings, odd vocabulary, and other indicators of suspicious emails may reduce the chance of people being caught out by these scam attacks.
