You may get really good at spotting the signs of regular phishing attempts: generic greetings, misspellings and typos, phony links, and dire consequences if you don’t act now. But that doesn’t mean it’s time to let down your guard, because you still may be the target of “spear phishing.”
Spear phishing attacks are targeted right at individual users. Spear phishing hackers target people based on their internet habits, their social media profiles, and their occupation. And they construct carefully targeted messages to break down your defenses. While there may be differences from traditional phishing and spear phishing, the goal of the scammers is the same: obtain your personal information, such as user names, passwords, and credit card information.
Remember, no reputable company or organization will ask you to confirm your account password or personal details via e-mail. When in doubt, contact the company directly to verify the legitimacy of an e-mail or request for information.
A spear phishing call comes from a specific individual or group claiming to be part of a company or organization that you know or frequent. Here is one example:
Hi Josephine, this is Al from Let’s Go Webinars. I’m excited to work with you on your social media sites!
First, I’ll need to make sure the tool you use to conduct webinars is configured correctly… Can you please provide me with your user name and password for Let’s Go Webinars? I will also need your billing details for your latest subscription.
Spear phishers claim to know the people you work with, the websites you frequent, or the products or services that you recently purchased.
Criminals need some information about you in order to convince their victims that an e-mail is legitimate. They often obtain such information by hacking into a computer network or scanning websites, blogs, and social networking sites.
No more generic salutations, like “Dear Sir/Madam” or “Hello Cardholder.” Spear phishers know your name and maybe more!
Be aware of what you post online. The more information you give up on social media sites, support forums, and other public-facing sites, the more information spear phishers will have access to in order to gain your trust and confidence.
Here are some more examples:
Report Spear Phishing Attacks
If you receive a spear phishing email or text message, report it. The information you give can help fight the scammers.
If you receive a phishing email, forward it to the FTC at firstname.lastname@example.org and to the Anti-Phishing Working Group at email@example.com. If you got a phishing text message, forward it to SPAM (7726). Also, report the phishing attack to the FTC at ftc.gov/complaint.