Old habits die hard. How does this apply to the internet security industry? Well, just like our ancestors used spears to catch fish from rivers and streams, cyber-crooks today use highly targeted e-mails and other types of communications to “phish” for sensitive information from you. What they’re after are your personal details or classified information belonging to the company you work for.
Narrowing down the targets
So how does this internet security scam work? Unlike the old-school phishing attack, spear-phishing is highly targeted. Cyber-attackers focus on a single user or department within an organization and send more “personalized” messages, instead of mass malicious e-mails aimed at whoever would take the bait. Thus, their target is more specific.
Using familiar information to hook you
Cyber-crooks usually leverage information they already know – people’s e-mail addresses and other personal details made public on social media (especially on Facebook and LinkedIn), company officials’ e-mail addresses, or other details they’ve obtained through other scams. They also exploit known relationships between employees, members of an organization, or people who have something in common. This way, they manage to devise a convincing message in which they ask for classified data or information, or for access to it.
For example, a spear-phishing attacker may send you an e-mail that looks like an internal communication (from the IT department) in the company you work for, or like a message from a superior asking you for access to a company database/network. Other spear-phishing attempts may look like they come from a personal contact or friend. You may be asked to click on a link to an infected website or download infected files, add-ons or fake OS updates that supposedly help you in your activity. Once you click or download, a virus or spyware gets onto your computer, giving attackers unauthorized access to confidential data on it.
Thus, spear-phishing attacks may not only compromise your internet security, but that of the company you work for as well.
Because they’re so personalized, spear-phishing e-mails are some of the most dangerous internet security threats out there. And even big organizations such as Google or the U.S. Chamber of Commerce have had their internet security “speared through” by cyber-attackers.
How to recognize and avoid a spear-phishing attack?
- If you receive an e-mail from one of your colleagues at work asking you for login credentials, don’t give them up. Always keep a healthy dose of suspicion about e-mails that target you specifically and ask for credentials. We recommend you go and ask them directly about the e-mail, and give them your credentials, if needed, in person. Also, keep in mind that banks, government agencies or legitimate service providers don’t ask you via e-mail to change or update your personal information (passwords, credit card details).
- If you receive an e-mail from a friend urging you to click on a suspicious link or download a tricky attachment, give them a call first and ask what it’s all about. Always verify! Also, we recommend you have an efficient Link Scanner to flag malicious links. BullGuard Internet Security 12 comes with such a feature.
- Separate your work from your personal life – don’t use the same passwords and usernames. This way, if cyber-crooks get hold of your personal credentials, the internet security of the company you work for won’t be compromised as well.
- Make sure all the applications installed on your PC, including your browser, are up-to-date. Outdated versions can be exploited by spear phishers. A Vulnerability Scanner, such as the one coming with BullGuard’s internet security suite, scans your system for updates and points you to where to get them.
- Get effective protection for your PC, both at home and at work. If you do fall for the trick and download some form of malware, it’s best you have an antivirus to warn you about it. We obviously recommend BullGuard Internet Security 12, as it comes with a proactive antivirus that spots all types of malware, no matter how old or new.
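The first two tips above can be turned into a quick mail check, shown here as an added example that is not part of the original article or of any BullGuard product: it flags a message whose sender name looks internal but whose address is not, that mentions login details, or that links outside the company. The company domain `example.com`, the role names, the keyword list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: your company's mail domain
INTERNAL_NAMES = ("it department", "it support", "helpdesk")  # assumed role names
CREDENTIAL_RE = re.compile(r"\b(password|login|credentials|username)\b", re.I)
URL_HOST_RE = re.compile(r'https?://([^/\s"<>]+)', re.I)

def is_internal(host):
    host = host.lower().split(":")[0]  # drop any port
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def body_text(msg):
    # Collect every text part, so multipart (HTML + plain) mail is covered too.
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return reasons to verify this message with the sender before acting on it."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    body = body_text(msg)
    reasons = []
    if any(n in display.lower() for n in INTERNAL_NAMES) and not is_internal(sender_host):
        reasons.append("internal-looking sender name on an outside address")
    if CREDENTIAL_RE.search(body):
        reasons.append("asks about login details")
    outside = sorted({h.lower() for h in URL_HOST_RE.findall(body) if not is_internal(h)})
    if outside:
        reasons.append("links to outside hosts: " + ", ".join(outside))
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = """From: IT Department <it-support@examp1e-mail.test>
Subject: Mailbox upgrade

Please confirm your login and password at http://portal.examp1e-mail.test/verify today.
"""
GENUINE = """From: Bob <bob@example.com>
Subject: Lunch

The menu is at https://intranet.example.com/menu
"""
```

Calling `triage(SPOOFED)` returns three reasons and `triage(GENUINE)` returns none; an empty result only means none of these checks fired, so the advice to verify with the sender still applies.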