Friday, April 16, 2010

Spear-Phishing


One of the newer techniques employed by scammers is spear phishing. Phishing has been around for a while and is defined as an attempt by scammers to get email recipients to click on email links that redirect them to the scammer's own web pages. These pages mimic authentic sites and then try to entice the user to enter their account information. Among the more common types of phishing are emails that appear to come from reputable banks, threatening to cut off an account if the user doesn't log in. Most individuals are too sophisticated to fall for these blatant attempts to steal credentials.

One of the newer attempts has been labeled "spear-phishing". Spear-phishing is where the attacker specifically targets their victims, usually within a specific organization. With the proliferation of information on the Internet, it is very easy for a scammer to gather information particular to an organization, such as department names, manager names or perhaps even project names.

The scammers will then use these methods to find individuals employed by a specific organization and target them for attack. The email itself has the same intent: it either carries a malware "payload" (i.e. a Trojan horse or other form of malware), or it attempts to convince the reader to click on a link. The premise behind spear-phishing is that by referencing projects, manager names or other organizational information, this form of social engineering gives the email a sense of credibility and increases the chance of the reader clicking on the links.

The same ways of protecting yourself apply to both phishing and spear-phishing. Never click on links; copy and paste the URL instead. If it's a secure site, look for the https: prefix or your browser's indicator that the site is secured, and most of all, don't trust an email just because of its subject or the contents of the message.
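The reason for the "copy the URL rather than clicking" advice is that the visible text of an HTML link and its actual destination are independent. The following script, an added example that is not part of the original post, flags anchors in a message body whose displayed text names a different host than the href. The sample message, the Project Atlas reference and the 203.0.113.10 address are constructed for the example.

```python
"""Flag HTML e-mail links whose visible text names a different host than the href."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phish): the visible link text shows the
# bank's domain, but the href points the reader at an unrelated address.
SAMPLE_HTML = """
<p>Dear Accounts Payable team,</p>
<p>Per Jane Doe's request for Project Atlas, please verify your login at
<a href="http://203.0.113.10/login">https://www.example-bank.com/secure</a>
before Friday or the account will be suspended.</p>
<p>Reference: <a href="https://intranet.example.com/atlas">intranet.example.com/atlas</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lowercase hostname of a URL; a scheme is assumed when the text has none."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def find_mismatched_links(html):
    """Return (href, text) pairs whose text looks like a URL for a different host."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text) for href, text in parser.links
            if "." in host_of(text) and host_of(text) != host_of(href)]

if __name__ == "__main__":
    for href, text in find_mismatched_links(SAMPLE_HTML):
        print(f"link shows {text!r} but actually goes to {host_of(href)}")
```

The check is a heuristic: it only catches links whose visible text itself looks like a URL, so "click here" style anchors still need the URL inspected by hand.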
