What is Spear Phishing? Risks, and How to Avoid Being Hacked
Hackers are always looking for ways to manipulate unsuspecting Internet users into accidentally sharing their personal information.
Phishing is a social engineering hack where a scammer will send fake emails that appear to be from a reputable person or company, but are designed to trick a user into submitting their personal information or installing malicious software on their device.
Spear phishing is an even more dangerous form of phishing which you need to be extra careful about.
What is spear phishing exactly?
Spear phishing is when a scammer researches personal information in order to craft highly personalized phishing attacks just for you. These attackers often target higher profile people like executives or financial services workers in order to maximize the amount of sensitive data they can acquire—but anyone can be a target.
How is spear phishing different from regular phishing?
Unlike normal phishing attempts, which are often generic and have obvious signs of fraud, spear phishing attacks are targeted directly at you.
Spear phishing hackers use detailed personal information in their attacks, and can even involve a real person communicating back and forth with anyone who is fooled by the scam. Typically outreach is by email, but spear phishers are becoming more sophisticated, using SMS or even LinkedIn messaging to establish credibility.
These hackers may research your job, your hobbies, or other details about your personal life in order to customize the attack. They may text you pretending to be your boss, or a FedEx or PayPal employee asking you to verify your account, or even a personal friend requesting you wire them money to help them out with a problem.
The numbers behind the scam
Spear phishing emails are the most popular type of targeted hacking attack, and phishing is on the rise.
- Spear phishing attacks are used by almost 2/3rds of all known groups carrying out cyber attacks.
- Phishing attacks are more than 3 times as common as they were less than two years ago.
- A recent study found that 43% of people targeted with simulated spear phishing emails were tricked into sharing personal information, with older women showing the highest rate of susceptibility.
- Spear phishing makes up 65% of all targeted hacking attacks, with research suggesting 1 in every 4,200 emails sent on the internet is a phishing attempt.
What to do if you’ve been a victim
Phishing attacks can be a huge problem if you’ve been fooled. If you think you’ve been attacked and may have given sensitive information to a scammer, there are a few steps you can take to try to get things under control.
Check your bank accounts for signs of identity theft
If the attack was financial in nature, you may be at risk for identity theft.
Check your bank statements for unfamiliar charges. Look closely for new credit cards or loans that may have been taken out in your name. If your credit score has recently dropped, or you begin receiving inquiries on your credit report, you may have been targeted by identity fraudsters. If so, call your bank immediately.
Secure your accounts and change your passwords
If spear phishers have acquired your password, you need to change it immediately. Use strong, unique passwords for all your accounts, and never use the same password more than once. Consider using a password manager like 1Password, and enable Two-Factor Authentication for all your most sensitive accounts.
Keep your account and app security up to date
Hackers are always looking for vulnerabilities in the apps on your smartphone. Make sure that you’re always updated to the latest version of all of your apps, so you always have the latest app security patches installed in the software you use.
Report phishing attempts to the FTC
You can forward phishing emails directly to the Federal Trade Commission at reportphishing@apwg.org. If the phishing message came by text, you can forward it to SPAM (7726). You can also report other cases of digital fraud at: ReportFraud.ftc.gov
Don’t reply to unknown senders
Above all, don’t reply to these messages. If you reply, click links, or otherwise engage, the phishing attacker knows your account is live, and that you’re susceptible to follow-up attacks.
Prevention and Protection Measures
The best way to stay clear of phishing hacks is to protect yourself with proactive preventative measures. It’s important to understand that while spear phishing attempts are common, you can be safe if you plan ahead and understand the risks.
Protect your information
As most phishing attacks happen via email, you need to be extremely cautious when engaging with messages from people or companies you aren’t expecting.
- Do not reply to messages that request personal information, or come from unexpected sources. This includes requests to log into your account on behalf of someone else.
- Never give away 6-digit verification or 2-Factor Authentication codes. If someone asks for your verification numbers, it’s definitely a scam.
- Optimize your email spam filters. If your email provider (Gmail, Outlook, iCloud, etc.) has advanced settings for filtering spam, turn them on.
Gmail has robust spam filters built-in by default. However, you can go further to customize your Gmail spam filter settings to make sure only approved senders make it through, which can block phishing attempts before they land in your inbox.
You can also similarly customize your Outlook settings or your iCloud mail spam filters.
Look out for fake emails and messages
Whenever you get an email you weren’t expecting, look closely for signs of phishing.
Warning signs to look out for:
- Fake domain names from the sender. Often, a scammer will not have a legitimate email address.
- Unexpected attachments. Do not click or download attachments from unknown senders, especially if they are .exe, .scr, or .zip. Files.
- Typos, bad spelling, or grammar. This is a sign that it’s not a legitimate message.
- Offers of money or prizes. If something is too good to be true, it probably is.
Enhance your personal security
With Cyrus you get:
- 3 bureaus credit monitoring and scores
- 24/7 Response Center
- Identity theft insurance up to $1M
- Online account threat protection
Cyrus Security Features
The best thing you can do is use a comprehensive digital protection service like Cyrus. As soon as you install Cyrus, your entire digital presence is scanned, monitored, and protected, and will alert you if any of your passwords are compromised, or if your email inbox contains spear phishing attempts.
Cyrus also includes identity theft protection and monitors changes to your credit report across all major credit bureaus. If anything ever seems off, Cyrus notifies you immediately and helps you take action with personal attention from our highly trained in-house security experts.
The best protection from spear phishing is total awareness and security from Cyrus. Try Cyrus today.
F&Qs
What is spear phishing?
Spear phishing is when a scammer sends you a message or email, tailored to you and your personal life, in an attempt to trick you into sharing personal account information or money. These often appear to be from a legitimate person or organization, but are actually highly targeted scams.
How does spear phishing work?
Spear phishing tricks victims into sharing personal account information or sending money by pretending to be someone they’re not, often by using personal information about the victims’ life or work. Spear phishers will send emails or messages to people, often using the identity of people the victim knows in real life to trick them into sharing sensitive information.
What is the difference between phishing and spear phishing?
Phishing is a general term for hacking attempts involving fake emails that appear to be from reputable people or organizations. Spear phishing is highly targeted, individualized messages that use information based on the victim’s personal life or work.
Spear phishing attacks are often meant for executives, financial services workers, or other high-profile people who maintain sensitive information or access to databases.
What helps protect against spear phishing?
Always be on the lookout for scams, and be wary of engaging with cold emails or messages. Make sure your computer software and mobile apps are updated to the latest versions, and your email spam filters are functional and optimized. Never share your password or other sensitive information with anyone you don’t know.
Use a personal digital security platform like Cyrus to monitor and protect your accounts from hackers 24/7.