“Don’t throw those BL##DY spears at me!” – the truth about phishing.
November 9, 2017
If spear phishing conjures up images of native tribesmen poised with spears awaiting their next feast, then be warned. The reality is, the danger could be right here in your inbox.
Phishing cyber scams have become increasingly popular in recent years, but spear phishing presents an even bigger, very real threat to the integrity of our personal and confidential data. So what’s the difference?
What is phishing?
Phishing is a common scam used by criminals to dupe individuals into giving away secure details about a system or organisation without realising they are doing so. The criminals target individuals through websites, phone calls and emails with the intention of stealing money or disrupting an organisation.
Criminals often send phishing emails designed to impersonate organisations such as banks or social media networks. The emails encourage recipients to open a link that results in the download of malware or leads to a fake file-sharing website. The victim is asked to log in to the website, and the fake site stores the log-in credentials for the criminals to use at a later date. This enables the attackers to find out confidential information such as usernames, passwords and credit card details, allowing them to steal from their victims or threaten them for money.
Masses of phishing emails are sent by cyber criminals, to both individuals and businesses, in the hope that someone will fall for the ruse.
Some alarming statistics about phishing
- People open 30% of phishing emails.
- A recent study found that 56% of individuals open links in emails from unknown senders and 40% of Facebook users clicked on a link from an unknown sender.
- Phishing emails have six times the click-through rate of genuine marketing emails.
- 89% of phishing attacks are orchestrated by professional organised crime organisations.
An eBay scam
A recently televised documentary showed how a gang made millions of pounds from fraudulent transactions targeting customers via the online site eBay. The gang conned thousands of victims out of money by setting up multiple accounts and using fake emails purporting to be from the site itself. Hundreds of victims were robbed of their money and on investigation, the London Fraud Squad found it to be part of a complex money laundering network.
What is spear phishing?
Phishing and spear phishing are similar forms of attack. However, spear phishing scams are personalised to their victims using information gained from profiles and communications uploaded to the internet. Attackers use contact lists, email addresses, friends and geographic locations. They even use details of recent purchases to pose as a friend, colleague or bona fide representative of an organisation and fool you into thinking they’re genuine.
Recipients are encouraged to divulge personal information by opening an attachment or link requesting login details or access codes and can be easily tricked into downloading malware. This can threaten personal and/or business devices.
SMEs are now being pinpointed by attackers, as employees are the largest, most vulnerable target in most organisations. Employees can now be tested using simulated phishing emails to monitor who responds and would fall victim to the attack. These templated methods are being used as a training tool to help end users identify real-life cyber threats, thus protecting businesses from potentially devastating consequences.
Spear phishing scams are constantly evolving and becoming more and more sophisticated in their use of social engineering. It’s therefore not surprising that in an era of ever-increasing social networking and media, these attacks are becoming more prevalent.
Spear phishing emails are often harder to recognise than phishing emails due to the clever use of personal information to target individuals – so beware!
Be vigilant and stay secure against the dangers of phishing and spear phishing
The question is, how can we keep these fraudsters at bay or help the authorities catch them so we can use the internet with greater peace of mind?
- Friendly communications – Be wary of communications from people purporting to be friends or colleagues, asking for personal information or confidential details.
- Social media – Be careful not to put too much information into the public domain via social media.
- Well-known companies – Always question whether emails received from well-known companies such as Facebook, PayPal, eBay, banks etc. are bona fide.
- Links and attachments – Never click on links in emails or attachments until you are sure they are safe. Use common sense – think before the link!
- Threats – Beware of alarmist messages, threats or requests from charitable organisations asking for donations, as they may be fake.
- Security software and backups – Ensure all your devices have anti-virus protection and security filters in place. And remember to always back up your data.
- Report it – Report anything you think is suspicious to ActionFraud, the national fraud and cybercrime reporting centre.
Further help with cyber security, phishing and spear phishing
If you would like further tips on what to do and how to recognise potential cyber scams, then read our table of Cyber security tips.
We can help prevent you or your business from becoming a cyber victim. If you would like to speak to someone regarding the most effective cyber-protection strategies for you, then give us a call. We can advise you on software and managed solutions, such as simulated phishing attacks, to test for vulnerabilities.
On a final note, always remember to be vigilant when working online, use common sense and report anything you deem suspicious. And whatever you do, don’t let these unscrupulous cyber-phish slip through your inter-net!