Don’t Get Poked by Spear Phishing Attacks: Learn Hackers Methods
These phishing scams attempt to steal your sensitive data, but what happens when they're so realistic they seem tailored directly to you?
You may have heard the term before – phishing – when a hacker attempts to trick someone into giving up personal information. It’s a scam that relies entirely on playing into our sense of trust and awareness. Phishing continues to be one of the most substantial online threats in 2018, and occurrences are growing at an alarming rate. But, what happens when attacks are so personalized they are impossible to tell real from fake?
Increased personalization is the goal of spear phishing attacks. Instead of sending out a collection of mass messages or spoofing an online campaign for stealing waves of user data, spear phishing is aimed at a specific target, which sounds unsettling. Such is the tip of a spear, sharpened and directly aimed at one fish in the pond. But how are these attacks carried out and who is at risk?
Open Season for Spear Phishing
Spear phishing attacks are launched against a targeted individual or organization. When a business has been selected as the target, the hacker is looking to obtain industry secrets or put themselves in a position of financial gain.
The attack itself may start with a low-level employee: the hacker takes time to learn a bit about the person and their position. After their research is complete, the hacker sends a phishing email to coax confidential information or sensitive data, such as passwords, out of the individual.
Different from a standard phishing attack, a spear phishing email will address you by name and may claim to be from an internal department you’re accustomed to dealing with. For example, fake email may claim to be your colleague from IT asking that you confirm your information for the system. The dangerous aspect of spear attacks is how personalized they, customized for you — the hacker’s target.
Always double check the email address in the ‘from’ field. Does it truly originate from within your company or is the email address similar enough, but not quite right? The best defense in the workplace is to stay vigilant and notice where emails are actually coming from. Also, take a moment to have a discussion all the departments you work with, so you know what types of information they will never ask.
Targets Go Beyond Businesses
You don’t need to be an employee or a corporate CEO to be the target of a spear phishing attack. You may be unaware of the sensitive information stored on your personal devices and assume you aren’t a worthy target of these types of attacks. Uh, not so.
When it comes to regular people, spear phishing is more efficient than regular attacks. An attacker may obtain specific information about you such as your name, where you bank, and the contacts you trust. Are you friendly with your local banking repr? Now the hacker also knows this and can create a personalized phishing email that’s aimed at stealing your account details. What’s unsettling is it seems trustworthy – the email addresses you by name, it’s signed by your banking rep, and they even know some of your details.
One way to get started on securing your Android phone is to download a robust antivirus app such as dfndr security, which has an advanced anti-hacking feature. With the ability to alert you of phishing attempts and block potentially malicious links, an app like this can become your line of defense.
Whether you’re on personal or work devices, be sure to check the ‘from’ field of emails to ensure they are originating from an actual trusted source. Basic practices should also be followed like not giving out any personal information or passwords to anyone.