No, we’re not talking about the sport. We’re talking about one of the internet security threats that have been making a lot of rounds lately. Spearphishing scams are a more evolved form of traditional phishing – highly targeted efforts at identity theft.
The cybercriminal behind these types of attacks utilizes the familiar to make the email seem authentic. Typically, they already have some information on you, the victim, like name or recent purchases. Then, they mention it in the email to make it seem like they know you, in the hopes that you’ll be less guarded if you’re faced with important personal information.
The internet provides spear phishers with a lot of targeting material
A large part of these types of attacks is the cybercriminal gathering information on you to make the email look real. Considering the vast amount of information available about all of us across the internet makes, their task is made quite easy. Have you ever thought about what someone could gather about you across Facebook, LinkedIn, Instagram, Twitter and a quick Google Search? In fact, have you ever Googled yourself?
Spearphishing is the most popular method used to access a corporate network by cybercriminals. Typically employees of big corporations are more educated on internet security and some are even trained in how to recognize spearphishing scams. But, in order to thwart these attacks, we’re relying on humans to make the right decision on whether to open the email or not, or not to open the attachment or click on the link. Cybercriminals always seem to be one step ahead, and their methods are getting more and more advanced as well. For example if their victim was a Chief Financial Officer (CFO), they would disguise their email as a Financial Report to boost their chances of the CFO downloading the file and infecting the system with malware.
The latest in antiphishing is about the same information the cybercriminals use in their attacks. Perhaps we can warn users when emails contain suspicious content and come from an open source? Stay tuned!
Until then however, it’s important to use diligence across both your work and personal online lives.
Here are some general online safety rules:
- Change your passwords regularly
- Keep your settings on social networks set to private
- Double check your emails for unusual addresses, or strangers
- And of course, it’s never a bad idea to have a security suite that can protect you with a state-of-the-art Antivirus and antiphishing solution, as well as a Spamfilter, a Firewall and more.
Get BullGuard Internet Security today to protect yourself against phishing scams!