Spear Phishing: The Sport of Scams
June 15, 2012
Allison here, with AllClear ID. Many of us are aware of what phishing is: the act of acquiring personal information by impersonating a trustworthy entity, such as the FBI. However, there’s been a growing trend in email spam, targeting people specifically by impersonating a friend, family member, coworker or neighbor. It’s called spear phishing, and yes, when scammers do it, they are targeting you in particular.
Spear phishing works exactly like regular phishing, except that the scammer might use information relevant to you or to the person being impersonated to try and to get you to give up your private information. For example: if it’s coming from a coworker, it might be an email asking you to add your information to a company. If coming from a friend, it could be an email asking you to sign up for an event or a deal that you may like. The whole point is to get you to click on a bad link or to open a bad attachment, which will allow them to get your password and to steal your identity.
Deciphering spear phishing emails from the normal emails may be a bit tougher to figure out. The differences between the spear phishing emails and those from your colleague or sister could be subtle, at best. If you’re unsure whether the email actually came from your colleague or sister, send them a message to see if he/she actually sent the email. Don’t respond to the email or click any links/attachments! These scammers want you to act quickly and without thinking. Take the time to think if something doesn’t seem right.
One thing to do is to be mindful of the information you share on social media forums like Facebook, as that’s how these scammers are able to impersonate someone and tailor phishing scams to your interests. If you post your Foursquare check-ins on Facebook all the time, and it’s apparent that you go to coffee shops a lot, then an email from a “friend” of a coffee shop coupon or newsletter could interest you and get you to give up your personal information. Privacy settings only work so much since your friends may not have them, so others could exploit loopholes to find information. Main point: be mindful of what you and your family does online.
These scammers specifically targeting you are only doing so because you have something they want: passwords and personal information. Don’t give up your info via email, even to a friend, colleague, or family member. Be safe, double check, and as always, stay all clear.