A common form of cyberattack, phishing scams usually involve a message that seems to be sent to you personally, often with an urgent request. For instance, it might seem like your bank is sending an email or text, asking you to input your username and password because of a “security breach.” In fact, it’s a scammer trying to get information to hack your account. The emergence of this threat is a major concern, which is why phishing protection is top of mind.
The newest form of this threat is spear phishing, which exploits known relationships to target specific individuals or groups of people. This enables attackers to get around spam filters that would otherwise catch a phishing message, and to leverage valuable tidbits of information about you.
In a standard phishing attack, the victim supplies sensitive data, such as account numbers or passwords. With spear phishing, however, victims are asked to take some type of action that subsequently downloads malware onto a computer. The action might be as simple as clicking a link or opening a file.
Some spear phishing identity theft examples include:
- About 20,000 senior executives at major corporations were sent personalized emails that claimed to be from a legal firm serving a federal grand jury subpoena. The recipients were asked to install a browser add-on to read the subpoena, but the add-on was actually malware designed to steal personal data off their computers. About 10 percent of the recipients took the bait.
- The FBI has issued a warning about spear phishing attacks disguised as emails from the National Center for Missing and Exploited Children. These might be sent to parents or school employees, and contain malicious files professing to be photos of missing children.
- A research analyst in Washington, D.C., posted examples of fake LinkedIn invitations received as part of a spear phishing scam. The invites claimed to be from government employees and mentioned secondary contacts that the analyst already had on LinkedIn.
Spear phishing emails can also seem to come from a friend. They may, for instance, reference a mutual friend or a recent online purchase you’ve made. This kind of claim tends to feel real, but the information is taken from online shopping histories, LinkedIn profiles, social media and other data-rich sources.
Spear Phishing Identity Theft Protection
When considering how to protect your privacy online, several tactics can be useful for fending off spear phishing attackers. Here are some tips:
- Tighten up security settings on your social media accounts so that only friends can see information like friend lists, posts, personal data and photos. And don’t accept friend requests from people you don’t know.
- When you receive an email asking you to download software or click on a certain link, think twice. Even if it’s from a seemingly trusted source, it could still be a spear phishing attempt.
- Make your passwords difficult to guess and change them often. A scammer can uncover quite a bit of information about you if given access to sites that have abundant personal details, like Facebook.
In general, think about how to protect your privacy online whenever you post, tweet or chat. Divulging a great deal of detail about your purchases, travel plans, work events or other information can make it easier for spear phishing attackers to target you. Be cautious and protect yourself, so you don’t become part of the list of spear phishing examples.
Image courtesy of Flickr user Emilio Küffer.