We have all probably heard of ‘phishing’. Phishing is a way that criminals get sensitive information (like usernames or passwords). It is a method of social engineering. Very often, phishing is done by electronic mail, and the mail appears to come from a bank or other service provider. But have you heard of ‘spear phishing’?
This might sound like something you would do in the wild to catch your supper, but spear phishing is a smarter and very dangerous form of cyber-attack.
Whereas ‘phishing’ is a more random form of attack, in spear phishing the attackers research a few handpicked people and send them personalised and much more believable emails.
It’s a much more sophisticated form of attack, in which the attacker poses as an associate or friend, or a service provider like your bank. This makes you lower your defences, thinking that the sender is a reliable source. They will ask you to click on a malicious link and then to provide private data like passwords, bank details etc.
Spear phishing is usually directed at an individual or organisation. The hackers will have done their research on you. They will know your name and email address and, by trawling through your social media accounts, they will have gained personal information about you, all to gain your trust and make you believe that the email is from a genuine source.
If trying to attack an organisation or business, the hackers will go through the employees, seeing them as the weakest link. They will use the name of a trustworthy ‘supervisor’ in the business, as an example, and will ask the employee to click on the malicious link. Often these ‘false’ emails will be targeted to a group of employees, making them seem even more legitimate. Once they are inside the organisation’s systems, having gained sensitive information, the cyber-attackers can then gear up for a bigger cyber-attack on the business.
This form of attack on businesses is much easier for the hackers. Why make a full-frontal attack by trying to hack into a complex security infrastructure, when you can use ‘spear phishing’ to get in the back door?
Spear phishing relies on people’s curiosity. Even though we are told hundreds of times not to click on suspicious links, many of us still have the urge to do it, especially if we are not sure whether the sender is real or not. It’s the ‘Don’t press the big red button’ syndrome! We are being psychologically tricked, an old practice that confidence tricksters have used for centuries, only now manifested in digital form.
How can we avoid being hacked?
Beware of banks/building societies asking for personal sensitive information. (No financial institution will ever ask you to do this.)
If a ‘friend’ is getting in touch with a strange request, or has sent you a suspicious link, be alert. Phone your friend, if necessary, to confirm that they have sent the email to you.
Avoid being too open on social media, and check that your posts can’t be used against you in a negative way. Be very careful with public accounts such as Twitter and Instagram.
Be alert to links that look unusual or have suspicious URLs (Uniform Resource Locators). Hover over the link with your mouse to see where it will take you BUT DON’T CLICK ON IT!
Finally, the most important bit of advice is to get a good Internet Security Software Package with good Antivirus Software. The Norton 360 range or the McAfee Internet security are both reliable and trustworthy brands offering you the best security software. These will keep the protection of your devices up to date with the latest defence against the evolving security threats.
Common sense is your first defence against most spear phishing scams. If something looks dodgy or sets off alarm bells, then trust your instincts.