Instead of casting out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people with something in common--they may work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc.
The e-mails are ostensibly sent from organizations or individuals the potential victims would normally get e-mails from, making them even more deceptive.
How spear phishing works.
First, criminals need some inside information on their targets to convince them the e-mails are legitimate. They often obtain it by hacking into an organization's computer network (which is what happened in the above case) or sometimes by combing through other websites, blogs, and social networking sites.
Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data (or why you should change a password, etc.).
Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.
Spear phishing can also trick you into downloading malicious code or malware after you click on a link embedded in the e-mail. Malware can also hijack your computer.
What can you do to make sure you don't fall victim to spear phishing?
Keep in mind that most companies, banks, agencies, etc., don't request personal information via e-mail. If in doubt, give them a call (but don't use the phone number contained in the e-mail--that's usually phony as well).
Use a phishing filter. Many of the latest web browsers have them built in or offer them as plug-ins.
Never follow a link to a secure site from an e-mail--always enter the URL manually.
See: FBI Cyber Unit tips on how to protect your computer.
For more information and valuable resources visit the FBI Internet Crime Complaint Center.