Perhaps you remember hearing about people getting requests from a Nigerian prince, a scam known as Phishing? Hackers spread wide nets, playing the numbers and hoping to take advantage of people’s naivete and generosity. Today’s hackers are far more sophisticated and target their victims by using specific information in their communication.
Spear Phishing is when the hacker has done his homework and gathered or purchased personal information or group information from social networking/social media sites or the dark web. Armed with such intimate knowledge they can send targeted emails that seem legitimate and authentic. This type of attack typically involves language that indicates urgency, taking advantage of your desire to be helpful and provide timely responses.
The primary risks of Spear Phishing are victims providing access to bank accounts, sufficient data to allow the hacker to create new identities, opening the enterprise to downloading malware and/or malicious code.
Most Spear Phishing attacks are delivered via e-mail or through SMS, Messenger or other online messaging systems.
To avoid becoming a victim, you should:
- be careful about sharing personal details
- check in with the ‘sender’ directly
- use a variety of passwords, not just the same one for everything (random phrases or words are best)
- update your software often
- not click on embedded links in email
- use common sense: no legitimate friend or colleague should be asking for high-risk details like passwords or SSNs
- train with AUMINT.io