You receive an email from one of your vendors, requesting a quick electronic payment in exchange for a nice discount. If you have the money, why wouldn’t you immediately take advantage? Here’s why – it may not be from your vendor, even if it references things you think only your vendor would know. The sender may have obtained enough information to get you to act on a fraudulent request. This is what is known as “spear phishing.”
Spear phishing, by definition, is an email that appears to be from an individual or business you know, but in reality it’s from a hacker who is trying to obtain some sort of valuable resource from you. This scam is, by far, the most successful on the internet today, accounting for approximately 90% of attacks.
The spear phisher flourishes by being thoroughly familiar with you or your company. The majority of the information the phisher uses against you is obtained by scanning through social media sites, your company’s website, etc.
How do you protect against it?
- Keep personal and company information as private as you can, especially while using social websites.
- Change passwords frequently.
- Be skeptical of any electronic mail you receive requesting information or payments. Although it may look authentic (even appearing to come from your boss), it may not be.
- Use a secure, encrypted data sharing site when transmitting data.
- Confirm important data transfers by telephone: call the person or organization listed in the “From” line before you respond or open any attached files.
- Report within your company any e-mail that you suspect might be part of a spear phishing campaign.
- Train your people in defensive measures and keep awareness of scams and issues alive in your company.
- Never reveal personal or financial information in response to an e-mail request, no matter who appears to have sent it.
- Never click links in an e-mail message that requests personal or financial information. Enter the Web address into your browser window instead.
- Use Internet Explorer 7 or the Windows Live Toolbar, both of which contain Phishing Filter, which scans and helps identify suspicious web sites, and provides up-to-the-hour updates and reporting on known phishing sites.
For a real-world example of how severe the damage from spear phishing can be, read the article: