What is spear phishing?Spear phishing is an email that appears to be from an individual or business that you know, but isn't. Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may install malware on the user's device or direct them to a "look alike" malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.
Sophisticated cybercriminals are using the techniques of professional marketers to identify the most effective types of messages to get the highest "open" or "click through rate". They build their assult around major events, holidays and anniversaries, or breaking news stories. After gathering information, the phisher will develop an email to mimic a "trusted organization" such as a bank. Some even create fake email accounts and pose as a victim's friend, sending emails from there.
Hackers are increasingly using this technique as a method to gain access to business systems. In other words, you may not be the target but your boss is. Spear phishing has become a great way for people to steal trade secrets and sensitive business data. How to avoid phishing
Like most other types of phishing related emails, spear phishing attempts can be easy to block. Here are some ideas to help you avoid falling victim. Follow the basic rule Most banks, social media platforms and the like will not send you an email requesting personal information. Call and verify before you click a link. It is never a good idea to click on links without being sure where you are going. If you are unsure, phone the sender and ask. If you are provided a phone number, don't call it. Instead look for a number on a website or previous physical correspondence. These guys are sneaky. Look at the document Phishing emails often originate in countries where English is not the main language. Look for spelling errors or strange sentence construction. The sender's email address can be a dead giveaway. When you spot them send the email as an attachment to firstname.lastname@example.org and delete it from your inbox. Never give personal information out over email Just plain common sense, you say? It isn't so common. If the sender requires personal information call their business and ask why, online can be risky.
Share only essential information Some forms have optional fields if they need more information, find out why. This limits how much information is available for a hacker or careless employee for that matter. I always use a separate gmail account for non business items. This cuts down on spam and provides a platform where I can look and see before I try.
Bookmark a security website Security websites such as Norton, SiteLock and all have blogs where they post the latest in security threats and more. Review them often, chances are your provider has a blog.