Watch out for spear phishing


Date: 11 December 2013

Every day, it seems there’s a new online scam ready to catch out the unwary. Recently it was cyber-criminals posing as a dating agency on LinkedIn in order to harvest data from unsuspecting users of the professional networking site.

This was a so-called ‘spear phishing’ attack, where online criminals target specific people rather than sending out messages at random. Top corporations and media outlets are increasingly becoming victims of these scams — but that doesn’t mean smaller companies aren’t at risk too.

Spear phishing is an example of social engineering, which sees online scammers manipulate people into sharing sensitive information about themselves or others.

It’s easy to fall victim and there’s no shame in it. These criminals are good at what they do, using flattery, confidence tricks and deception to get the information they want.

Social networks and email are two of the most common routes through which scammers will try to contact you or people in your business. To help you stay safe, here are five ways to avoid falling victim to a spear phishing attack:

  1. Always use your common sense. The most important thing to remember is not to automatically trust any email. Don’t let the presence of familiar personal information in a message lull you into a false sense of security.
  2. Post minimal personal information on social media. Yes, it’s tempting to tell everyone when it’s your birthday on Twitter, or that your son is called Oli, but it’s really better not to reveal information like birthdays, anniversaries or the names and ages of your children. You can always use single letters or initials in place of full names, if you have to tweet about little Johnny’s every move.
  3. If an email requests immediate action, do a little research. Scammers will try to stop you thinking for too long by creating a sense of urgency, such as asking you to reply immediately to secure a special offer. Google the company name and get a contact number to check that the email is valid.
  4. Be careful with emails that relate to current events. For example, emails about the royal baby or the scandal of the moment could well contain links to malicious web sites. Back in 2012, photos of Emma Watson could have been a threat to your company.
  5. Don’t assume emails from people you know are safe. Cyber criminals can collect a colleague’s email address from social networks or the internet and send email to you that looks like it is from them.

The bottom line is that vigilance is key to staying safe from a spear phishing attack.

It may seem like an inconvenience to do extra research when you receive a message you’re unsure about, but in the end it’s worth the time to know who you’re dealing with. 

This post is from Espion, a firm specialising in IT security.
