Common Spear Phishing Scams
Hacking and scamming trends grow and evolve with technology, like everything else. The introduction of the internet began a whole new genre of thievery, which has gone on to plague any computer or personal device with internet access. Spear phishing is a major current scam tactic that everyone should be aware of. Over 90% of security attacks use spear phishing at some point.
While it can feel scary or unsettling to think about scammers attempting to access your information, don’t worry just yet! By actively staying on top of scamming trends such as spear phishing scams, and taking the recommended precautions, you can lower your chances of being scammed online significantly. Many preventative measures and procedures exist that can help protect your data and devices from unwanted thieves or intruders.
So, what exactly is spear phishing, and why should I keep an eye out for it?
What is Spear Phishing?
Spear phishing is a name for scams that attempt to trick the recipient into giving confidential information to the scammer, through a personalized angle. Spear phishing scams are almost always email scams. Links or attachments can also be used, tricking the recipient into downloading malware to give the attacker access to their computer system and data.
Another name for spear phishing is “targeted phishing.”
Spear Phishing Vs. Regular Phishing
Spear phishing differs from generic phishing in its targeted nature: spear phishing messages are typically personalized using public information the attacker has found about the recipient. This can include topics surrounding the recipient’s expertise, role in the organization, interests, public and residential tax information, and any information attackers can glean from social networks. These specific details make the email appear more legitimate and increase the chances of the recipient clicking links or downloading attachments.
Spear phishing is a more advanced and pinpointed form of phishing, and is now being used more than generic mass phishing, as it tends to generate better results for scammers. By knowing certain information about individuals and playing off that known interest or personal piece of information, scam artists are often quite successful in fooling unsuspecting victims.
How Does Spear Phishing Work?
Spear phishing is a more targeted cyber-attack than generic phishing. Emails are personalized to the intended victim. For example, the attacker may identify with a cause, impersonate someone the recipient knows, or use other social engineering techniques to gain the victim’s trust.
A sophisticated spear phishing campaign starts with reconnaissance where the attacker researches the targeted company or single victim. The attacker will collect email addresses and organization charts to better understand the way a business runs and the high-privileged targets that could have unlimited access to important data.
The next step is to craft a tailored email message. The message might contain a link to an attacker-controlled site or a link to malware. Some attackers combine emails with social engineering to convince a target to perform an action like sending money, downloading malicious software, or providing credentials.
Common Spear Phishing Scams
- Fake Websites
A spear-phishing cyber criminal will design a carefully worded phishing email which includes a link to a spoofed version of a popular website. The website imitates the layout of the original site to trick the victim into entering their account credentials. Because spear phishing is targeted, the email may concern a topic the recipient is interested in or something they have purchased in the past. A person who doesn’t inspect their messages carefully could easily click a link in a familiar-looking email, wind up on a familiar-looking site, and never realize that they were on a fake website the entire time.
- Impersonation Fraud
An attacker will sometimes take control of an email address familiar to the employee, such as that of their company’s CEO, Human Resources Manager, or IT administrator. The hacker will assume this individual’s identity and ask the employee to complete an urgent action, such as transferring funds, updating their personal information, or installing a new app. This type of fraud is common in emails, and is also common on the social platform “Indeed.” A criminal could receive money or personal information from this type of spear phishing.
- Malware
In these types of spear phishing attacks, an attacker will try to trick an employee into clicking on a malicious email attachment. Usually, this type of attack is carried out with a fake invoice or delivery notification. As a result, damaging malware is then downloaded and allowed to access the system. It is important to train all employees on the importance of online safety and fraud prevention in order to ensure your company is strong, with no cracks or weak links. It can take just one employee for a cyber threat to penetrate an otherwise strongly secured system.
- Smishing
Smishing is an SMS-based spear phishing attack where a hacker will send an SMS or voice message asking the recipient to click on a link and update their account details, or change their password. The link will then take them to a phishing website.
- Vishing
An unknown caller will call the victim and leave a voicemail, urging them to return the call and hand over personal information, usually by impersonating someone close to them or from a trusted company.
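The "Fake Websites" scam above depends on a link that looks familiar but leads somewhere else. The Python sketch below is an added example, not part of the original article: it flags links whose visible text shows one domain while the underlying address points to another, and links to domains that closely resemble a trusted one. The trusted-domain list, the similarity threshold and the sample email are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com"}  # assumption: domains your organization really uses
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
SAMPLE = """\
From: "Example Bank" <alerts@examp1ebank.com>
Subject: Transaction confirmation
Content-Type: text/html; charset=utf-8

<a href="http://examp1ebank.com/login">https://examplebank.com/login</a>
<a href="https://examplebank.com/help">Help centre</a>
"""  # constructed sample message, not a real email

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):  # naive: last two labels; real tools use the Public Suffix List
    return ".".join(host.lower().split(".")[-2:])

def check_link(href, text):
    """Return the reasons this link deserves a closer look (empty list if none)."""
    dom, reasons = base_domain(urlsplit(href).hostname or ""), []
    shown = DOMAIN_RE.search(text)
    if shown and base_domain(shown.group(1)) != dom:
        reasons.append("text_href_mismatch")  # text shows one site, link opens another
    if dom not in TRUSTED:  # near-miss spelling of a trusted domain
        reasons += ["lookalike:" + g for g in sorted(TRUSTED)
                    if SequenceMatcher(None, dom, g).ratio() >= 0.85]
    return reasons

def scan_email(raw):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    return {h: r for h, t in parser.links if (r := check_link(h, t))}
```

Calling `scan_email(SAMPLE)` reports the first link for both reasons and leaves the genuine help link alone.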
Individual vs. Business Spear Phishing Scams
When looking at spear phishing attacks, it’s important to note that they are perpetrated against both individuals and businesses.
During an individual spear phishing attack, a cyber criminal will usually pretend to be a business the individual trusts, such as a bank or well-known brand, to send them a “transaction confirmation” or “shipping notice.” These emails are crafted to look important to trick the individual into opening the email and clicking a malicious link or sending confidential information the attacker can then use to commit further crimes.
During a business spear phishing attack, a hacker will target two to three company employees, sending them messages that impersonate their boss and direct them to transfer money or provide their login credentials or other confidential information. The attackers will use high-pressure language, telling victims that if they don’t act quickly, the company will suffer further financial consequences.
How ComRes Can Help
The first step in the prevention of spear phishing scams is to read articles, like this one, and be wary of the methods that scammers use to obtain your information. Another general way of protecting yourself or your business from fraud is by installing effective virus protection and identity protection software that can help to block out malicious threats. Here is where ComRes can help! Call us today at 954-462-9600 or fill out our online form to find out the best ways to protect your data and sensitive information.