By now, everyone should be familiar with phishing emails and their destructive capabilities. However, not as many people know about its sophisticated and dangerous counterpart, spear-phishing.    

What is Spear-Phishing?  

Spear-phishing is an attack on a specific person, or a select group of people. The attacker gains personal knowledge about the intended prey, such as where they live, whom they work for, or what they purchase online. The phisher will then design an email using this knowledge and include a link or file that will either ask for sensitive information or install malware on the recipient’s computer. Employees get ‘speared’ because it is difficult to identify these email messages as fraudulent when they appear to originate from friends, employers, or even a recognized authoritative figure.     

How is this different from regular phishing?  

The major difference between regular phishing and spear-phishing attacks is the personalization efforts that go into spear-phishing. Regular phishing involves an attacker, disguised as a trustworthy source, casting out a massive amount of emails to a large amount of people. These emails are vague and typically do not have information about the intended target. Spear-phishing, on the other hand, is much more isolated and thought-out. The attacker spends a lot of time gathering information and constructing an email that appears to be from a legitimate source for the intended target. This extra effort makes identifying spear-phishing emails much harder than regular phishing emails. Falling for spear-phishing emails could result in losing personal information or the download of malware.   

How do I avoid being speared?  

Spear-phishing assailants become smarter and smarter in the methods used to trick the unsuspecting. Here are a few simple steps combat their efforts and avoid being the victim of a spear-phishing attack.  

1. For starters, check information accessible from social mediasites. If you do not have the privacy settings enabled on your account, everyone—as in complete strangers, can see and have access to your information.  

2. Another proven step isto have a variety of unique passwords for your many online accounts. If you only have one password that you reuse for multiple websites, then an attacker has access to every account.  

3. Also, keep your computer updated with the latest security updates. Security updates typically include changes in codingto better protect you and your information from attacks.  

4. Before opening any email messages, check the email address first to see if you recognize it. If you do not recognize it,do not open it. Simply, delete the message.

5. Finally, install a security system, or virus scanner, onyour computer. The security system will not only protect your device but can also remove malicious software. The scanner will continuously scan for any threats or malicious software.  

Spear-phishing attacks are a complex and dangerous force. However, staying vigilant and following these simple steps will reduce the chance of falling victim to these malicious attacks.   

Author: Emily Cieslewicz, IT Student Tech Consultant

References 

Giandomenico, Nena. “What Is Spear-Phishing? Defining and Differentiating Spear-Phishing from Phishing.” Digital Guardian, 27 Feb. 2018, https://digitalguardian.com/blog/what-is-spear-phishing-defining-and-differentiating-spear-phishing-and-phishing 

Norton-Team. “What is Spear Phishing and How Does It Operate?” Norton, https://uk.norton.com/norton-blog/2016/12/what_is_spear_phishi.html