Have you ever received an email that clearly was not legit? Maybe it used poor grammar or had misspellings that tipped you off. Well, times have changed. The bad guys are a lot smarter now and their phishing emails are more sophisticated. More targeted attacks are being directed at specific individuals, companies, or even schools. Attackers often gather and use your personal information to increase their probability of success. These emails may look like they came from a friend or someone in your company or school. This tactic is referred to as “Spear Phishing.” There are steps you can take to help you protect yourself.
- Before you click on any links in an email, hover over the hyperlink to see the destination URL first. Spear phishers will often hide their URLs in email text with things like “just click here to confirm” or “we just need some more information, please fill out this form,” in order to get someone to click without thinking about it. Hovering over the linked-text will show you the URL that the link is pointing to. If it’s not familiar, don’t click.
- A favorite tactic of spear phishers is to find a list of executives at a company or school and send emails impersonating those executives to get users to reveal sensitive information. If you get an email with any request that seems out of the ordinary — no matter who it is from — check with the sender to confirm it is legit. If that person says they didn’t send an email, then the issue should be reported to the appropriate individual.
- Very often, spear phishers will email employees or students and ask for confidential information such as users’ passwords, W-2s, or corporate banking information. Sending this information over email is never a good idea. Make sure you alert someone if anyone makes these types of requests, as it is an indication your company or school may be the target of phishing attacks.
- A key part of a spear phisher’s strategy is using the personal information they find out about their potential targets online. Posting too much personal information publicly can help spear phishers successfully complete mission.
As always, make sure your computer is installed with a spam filter, up-to-date anti-virus and anti-spyware software, and a strong firewall.
Want to learn more? This article has some great information: https://www.webroot.com/us/en/resources/tips-articles/what-is-phishing