Spear Phishing

I’ve heard of phishing but what is spear phishing? It’s a scam not a sport!


Picture courtesy of Alienvault.com

“Half of people click anything sent to them: So much for counter-phishing training. Even people who claimed to be aware of risks clicked out of curiosity.”

“Phishing” is the practice of sending out emails that purport to be from a well-known source, such as a major bank or utility provider. Clicking any links will take you to a fraudulent site that will harvest any login details you put in and may install malware on your device.

“Spear phishing” is a more targeted version of the above; emails will address you by name and may appear to come from someone senior within your organisation, or from your email provider warning you to change your password.

A 2016 study has shown that some 56 per cent of people will fall for a spear phishing email and click on the links they are sent.

“Security experts often talk about the importance of educating people about the risks of “phishing” e-mails containing links to malicious websites. But sometimes, even awareness isn’t enough. A study by researchers at a university in Germany found that about half of the subjects in a recent experiment clicked on links from strangers in e-mails and Facebook messages—even though most of them claimed to be aware of the risks.”

“The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you.”

“The salutation on the email message is likely to be personalized: ‘Hi Bob’ instead of ‘Dear Sir.’ The email may make reference to a ‘mutual friend.’ Or to a recent online purchase you’ve made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it’s a company you know asking for urgent action, you may be tempted to act before thinking.” Full article here.


Picture courtesy of mobilemarketingwatch.com