Watch out for spear phishing

December 11, 2013 by IT Donut contributor

Every day, it seems there’s a new online scam ready to catch out the unwary. Recently it was cyber-criminals posing as a dating agency on LinkedIn in order to harvest data from unsuspecting users of the professional networking site.

This was a so-called ‘spear phishing’ attack, where online criminals target specific people rather than sending out messages at random. Top corporations and media outlets are increasingly becoming victims of these scams — but that doesn’t mean smaller companies aren’t at risk too.

Spear phishing is an example of social engineering, which sees online scammers manipulate people into sharing sensitive information about themselves or others.

It’s easy to fall victim and there’s no shame in it. These criminals are good at what they do, using flattery, confidence tricks and deception to get the information they want.

Social networks and email are two of the most common routes through which scammers will try to contact you or people in your business. To help you stay safe, here are five ways to avoid falling victim to a spear phishing attack:

  1. Always use your common sense. The most important thing to remember is not to automatically trust any email. Don’t let the presence of familiar personal information in a message lull you into a false sense of security.
  2. Post minimal personal information on social media. Yes, it’s tempting to tell everyone when it’s your birthday on Twitter, or that your son is called Oli, but it’s really better not to reveal information like birthdays, anniversaries or the names and ages of your children. You can always use single letters or initials in place of full names, if you have to tweet about little Johnny’s every move.
  3. If an email requests immediate action, do a little research. Scammers will try and stop you thinking for too long by creating a sense of urgency — like requesting you reply immediately to secure a special offer. Google the company name and get a contact number to ensure the email is valid.
  4. Be careful with emails that relate to current events. For example, emails about the royal baby or the scandal of the moment could well contain links to malicious web sites. Back in 2012, photos of Emma Watson could have been a threat to your company.
  5. Don’t assume emails from people you know are safe. Cyber criminals can collect a colleague’s email address from social networks or the internet and send email to you that looks like it is from them.

The bottom line is that vigilance is key to staying safe from a spear phishing attack.

It may seem like an inconvenience to do extra research when you receive a message you’re unsure about, but in the end it’s worth the time to know who you’re dealing with. 

This post is from Espion, a firm specialising in IT security.
