Spear Phishing – Avoiding the Trap

Trap

Phishing is an attack designed to trick Internet users into giving away confidential information, typically by sending an e-mail posing as a legitimate organization (like a financial institution) and linking to a website disguised as one associated with that institution. Spear phishing is a more sophisticated version of phishing that takes these attacks to the next level. Instead of sending mass communications to a large group of people, spear phishing specifically targets individuals using personal information such as geographic location, recent purchases, or a list of friends to make their requests seem more believable.

 

Why Spear Phishing?

Spear phishing is becoming increasingly more common because they are harder to identify than traditional phishing attacks. The e-mails and phone calls are more personalized therefore, many people fall into the trap.

 

What do these attacks look like? As an example, you may be a Mac user who gets a call from an individual claiming to be an Apple representative, requesting remote access to your computer to fix a bug.  Consequently, if you are a Windows user who gets a phone call from someone claiming to be from Microsoft. More likely, it is probable that this is an attack especially if you have not submitted any type of service request – if the communication is unsolicited, be very wary.

 

Social Media

Your social media profiles are an asset to spear phishing attackers. The more personal information that you make publicly available, the more these attackers can personalize their communications to you and pose as a reputable contact. In today’s world, we give away so much information through social media posts, we don’t always stop to think of how that information may be used against us. Maybe we use Twitter to contact a company regarding a customer service complaint- now an attacker knows that we might expect communication from that company. Our digital footprints are easier to track than ever.  While that doesn’t mean we need to stop communicating with companies through social media, it does mean we need to be vigilant.

 

Signs of Spear Phishing

We will continue with the examples used above. Let’s say you tweet about a specific brand with a customer service complaint. Shortly thereafter, you receive an e-mail from that company apologizing and offering a coupon code for you to use online or in one of their brick and mortar stores. Is there a reason to be suspicious?  In this case, you have reached out to the brand. They may have been able to find your e-mail address if it was on your social media account, or by searching your name and location in their customer database if you have a history of communicating with them. The company is offering you a coupon as compensation, but is not requesting any further information from you to access the discount. Any links in this e-mail go to their official website, not version with a slightly modified name. This is likely to be a communication you can trust.

 

Now, imagine getting a different e-mail. In this message, the company reaches out to you with a letter of apology. They tell you they would like to compensate you, but will need personal information from you to process your gift, like banking details, date of birth, and social security number. The website where you would enter this information may be a somewhat modified version of the company’s official website, (e.g. instead of examplecompany.com you will be sent to examplecompany-gift.com). This email raises red flags!  In this case, we strongly caution you against entering your information, as once collected may be used to access many of your other accounts.

 

What to do if you’ve been attacked 

Spear phishing attacks continue to get more sophisticated, and mistakes can happen. If you are caught in an attack, what can you do to mitigate the damage? The first step is to contact a dependable and qualified managed service provider.  At Net Works, we are your trusted technology resource.  We will help figure out exactly what was stolen by the hackers and help to unwind the damage that was done.  Don’t face the underbelly of the internet all on your own! Get Net Works on your side, contact us today!

Share IT: