Hackers are always looking for ways to manipulate unsuspecting Internet users into accidentally sharing their personal information.

Phishing is a social engineering hack where a scammer will send fake emails that appear to be from a reputable person or company, but are designed to trick a user into submitting their personal information or installing malicious software on their device.

Spear phishing is an even more dangerous form of phishing which you need to be extra careful about.

What is spear phishing exactly?

Spear phishing is when a scammer researches personal information in order to craft highly personalized phishing attacks just for you. These attackers often target higher profile people like executives or financial services workers in order to maximize the amount of sensitive data they can acquire—but anyone can be a target.

How is spear phishing different from regular phishing?

Unlike normal phishing attempts, which are often generic and have obvious signs of fraud, spear phishing attacks are targeted directly at you.

Spear phishing hackers use detailed personal information in their attacks, and can even involve a real person communicating back and forth with anyone who is fooled by the scam. Typically outreach is by email, but spear phishers are becoming more sophisticated, using SMS or even LinkedIn messaging to establish credibility.

These hackers may research your job, your hobbies, or other details about your personal life in order to customize the attack. They may text you pretending to be your boss, or a FedEx or PayPal employee asking you to verify your account, or even a personal friend requesting you wire them money to help them out with a problem.

The numbers behind the scam

Spear phishing emails are the most popular type of targeted hacking attack, and phishing is on the rise.

• Spear phishing attacks are used by almost 2/3rds of all known groups carrying out cyber attacks.

• Phishing attacks are more than 3 times as common as they were less than two years ago.

• A recent study found that 43% of people targeted with simulated spear phishing emails were tricked into sharing personal information, with older women showing the highest rate of susceptibility.

• Spear phishing makes up 65% of all targeted hacking attacks, with research suggesting 1 in every 4,200 emails sent on the internet is a phishing attempt.

What to do if you’ve been a victim

Phishing attacks can be a huge problem if you’ve been fooled. If you think you’ve been attacked and may have given sensitive information to a scammer, there are a few steps you can take to try to get things under control.

Check your bank accounts for signs of identity theft

If the attack was financial in nature, you may be at risk for identity theft.

Check your bank statements for unfamiliar charges. Look closely for new credit cards or loans that may have been taken out in your name. If your credit score has recently dropped, or you begin receiving inquiries on your credit report, you may have been targeted by identity fraudsters. If so, call your bank immediately.

Secure your accounts and change your passwords

If spear phishers have acquired your password, you need to change it immediately. Use strong, unique passwords for all your accounts, and never use the same password more than once. Consider using a password manager like 1Password, and enable Two-Factor Authentication for all your most sensitive accounts.

Keep your account and app security up to date

Hackers are always looking for vulnerabilities in the apps on your smartphone. Make sure that you’re always updated to the latest version of all of your apps, so you always have the latest app security patches installed in the software you use. 

Report phishing attempts to the FTC

You can forward phishing emails directly to the Federal Trade Commission at reportphishing@apwg.org. If the phishing message came by text, you can forward it to SPAM (7726). You can also report other cases of digital fraud at: ReportFraud.ftc.gov

Don’t reply to unknown senders

Above all, don’t reply to these messages. If you reply, click links, or otherwise engage, the phishing attacker knows your account is live, and that you’re susceptible to follow-up attacks. 

Prevention and Protection Measures

The best way to stay clear of phishing hacks is to protect yourself with proactive preventative measures. It’s important to understand that while spear phishing attempts are common, you can be safe if you plan ahead and understand the risks.

Protect your information

As most phishing attacks happen via email, you need to be extremely cautious when engaging with messages from people or companies you aren’t expecting. 

• Do not reply to messages that request personal information, or come from unexpected sources. This includes requests to log into your account on behalf of someone else.
• Never give away 6-digit verification or 2-Factor Authentication codes. If someone asks for your verification numbers, it’s definitely a scam.
• Optimize your email spam filters. If your email provider (Gmail, Outlook, iCloud, etc.) has advanced settings for filtering spam, turn them on.

Gmail has robust spam filters built-in by default. However, you can go further to customize your Gmail spam filter settings to make sure only approved senders make it through, which can block phishing attempts before they land in your inbox. 

You can also similarly customize your Outlook settings or your iCloud mail spam filters.

Look out for fake emails and messages

Whenever you get an email you weren’t expecting, look closely for signs of phishing. 

Warning signs to look out for:

• Fake domain names from the sender. Often, a scammer will not have a legitimate email address.
• Unexpected attachments. Do not click or download attachments from unknown senders, especially if they are .exe, .scr, or .zip. Files.
• Typos, bad spelling, or grammar. This is a sign that it’s not a legitimate message.
• Offers of money or prizes. If something is too good to be true, it probably is.

Enhance your personal security

With Cyrus you get:

• 3 bureaus credit monitoring and scores
• 24/7 Response Center
• Identity theft insurance up to $1M
• Online account threat protection

Download Cyrus

Cyrus Security Features

The best thing you can do is use a comprehensive digital protection service like Cyrus. As soon as you install Cyrus, your entire digital presence is scanned, monitored, and protected, and will alert you if any of your passwords are compromised, or if your email inbox contains spear phishing attempts. 

Cyrus also includes identity theft protection and monitors changes to your credit report across all major credit bureaus. If anything ever seems off, Cyrus notifies you immediately and helps you take action with personal attention from our highly trained in-house security experts.
The best protection from spear phishing is total awareness and security from Cyrus. Try Cyrus today.