Spear Phishing – The Most Vicious And Effective Phishing Attack
May 24, 2017
What is spear phishing?
Spear phishing is a cyber-attack that utilizes your personal information to target an individual. The attack often comes as an email, often disguised as someone you know or a company you do business with. Unlike a standard phishing attack, the spear phishing criminal already has some of your information, making the attempt more difficult for you to detect. Spear phishing attackers do their research, usually using the information you have voluntarily posted on social networks. Today is it relatively easy to determine where you work, shop, and bank, and get names of people you have connected or communicate with from social networks such as Facebook, Twitter, and LinkedIn.
For example, you may get an email that appears to come from a company that you normally do business with, that contains a link for you to login to your account. The link can take you to a website that appears legitimate, but is actually a fake site designed to capture your login credentials. An even more sophisticated attack will link you to the real company’s website, but capture and send your credentials to the attacker. Once the cyber-criminal has your login information, he will have full access to your information, and can make purchases, bank withdrawals, or post incriminating remarks or photos on your behalf. Spear phishing attacks can be extremely convincing, and have been determined to be ninety percent more effective than a standard phishing attack.
How to protect yourself from a spear phishing attack:
While detection can be difficult, there are a few things you can do to avoid being a victim of a spear phishing attack:
• Keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call (but don’t use the phone number contained in the e-mail—that’s usually phony as well).
• Use a phishing filter…many of the latest web browsers have them built in or offer them as plug-ins.
• Never follow a link to a secure site from an e-mail—always enter the URL manually.
• Don’t use the same passwords on multiple websites.
• Be judicious about the information you share on social networks.
There are also automated protection systems that can be put in place to detect spear phishing attacks. By constant, real-time analysis of email systems and web traffic, spear phishing attempts can often be detected and prevented before it’s too late and your personal information becomes compromised. CalTech specializes in threat management systems that, along with conscientious personal practices, can detect a variety of phishing attacks before they occur. For more information, contact CalTech at firstname.lastname@example.org.