While phishing attacks get the most press, spear phishing attacks can be much more dangerous. A phishing email has no intended target and is designed to barrage thousands of endpoints, hoping to get a bite. Spear phishing on the other hand, generally takes a targeted and thoroughly researched approach to sending malicious emails. With closer attention to detail and an understanding of how their target operates, a cybercriminal can have a much higher success rate and could potentially land a bigger payday.
To pull off a phishing scheme, a cybercriminal needs to do a little homework. With their target selected, the attacker will use the internet to research as much as they can. Using social media sites, work-related networking sites, and others, the attacker will craft a customized plan to dupe you. They may look for your name, location, job title and duties, recent vacations, companies you do business with, and anything they could get their hands on. The cybercriminal will insert as much information as possible into their email to make it feel more personalized and legitimate.
Here are some examples:
- They could pretend to be a representative from the hotel you recently stayed at, asking you to update your payment information.
- They may pose as your mobile service provider, asking you to log into your account to clear up an issue.
- Or they may imitate a friend or family member asking you to download some of the pictures that they took from the other night.
All of these details could have been found online and provided by you. By using these specific details, these emails become much harder to spot as being malicious and trick a larger number of individuals.
Although these emails are harder to spot, there are ways we can protect ourselves from becoming a victim of spear phishing.
- Limit the information you are sharing on social media profiles or set the permissions on your posts to “Friends Only”.
- Read every email carefully and know what it is being requested of you.
- Hover over links that are provided in emails before clicking on them, which will show you the true path of where the link is taking you. If you are ever unsure, don’t click on any links, or download any attachments, and contact the sender directly to confirm if it was truly them reaching out.
Want more cybersecurity tips to help keep your business safe & secure? Sign up for our email newsletter and have new articles & tips delivered straight to your inbox twice a month.