How To Spot Spear Phishing Attacks

How To Spot Spear Phishing Attacks

Chloe Seaman
August 16, 2018

When Google changed its sign-in screen, some users panicked. Although Google’s change was legitimate, these tech-savvy users were right to be cautious: When a well-known website suddenly changes its appearance without warning, it’s often a possible sign of a spear phishing attack.

What Is Phishing, Anyway?

Simply put, phishing attacks are scams that involve a person posing as someone you would trust, in the hopes that you’ll hand over valuable information such as usernames, passwords, or even banking or credit card account numbers. The result: identity and financial theft.

Phishing is one of the most common types of cyber-attacks, and criminals are getting increasingly more sophisticated with their schemes. They can spoof phone numbers, email addresses, and websites to look completely legitimate, and these clever attacks often fool even those who believe they’re being cautious.

Spear phishers may seek out victims from any number of sources, across many different industries. For example, homebuyers may be targeted in money transfer scams. Criminals can hack into an escrow company’s database to steal contact information of homebuyers, and then contact those individuals, posing as someone from the company. The request for a wire transfer ostensibly seems to be legitimate and make sense, as they are buying a house and expect to have to pay for certain services.

Tech support scams are also incredibly common, especially among older, less technologically savvy individuals. You may know that tech companies’ support staff would never contact you out of the blue about an issue with your computer, but not everyone is aware of this. Fraudsters are banking on you not knowing that, and there’s an estimated $3 to $6 million being stolen by criminals who call customers to “fix” their computers.

How To Protect Yourself From A Phishing Attack

The best way to avoid falling for a phishing attack is to stay vigilant when it comes to your online presence. Here are a few things you can do to protect yourself.

Pause before you share personal information. Always proceed with caution if a website asks for your personal information, especially if you’re naturally impulsive. Impulsivity is a shared trait common among victims of online fraud, so if you’re quick to act on something, a scammer will know that you’re more likely to follow through and hand over your cash or credentials. Before you enter any information into a website, check your browser to make sure it’s a reliable, tested and trustworthy site with secure connections (look for the “s” in the https://).

Don’t open strange emails or attachments. Before you open an email or an attachment, analyze it. Would your friend send you a Word document with macros in it? If you’re not expecting anything, it’s better to avoid opening it and risk potentially inviting unwanted keylogging programs that could capture your username and password on certain websites.

Practice password safety. Finally, change your password regularly to ensure that your accounts are safe. An old password could be in the hands of a fraudster. And whenever you can, use two-factor authentication, which makes it much more difficult for anyone else to access your accounts.

Disclaimer: The above is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.