What is Spear-Phishing?

You’ve probably heard of the term phishing. It’s something we talk a lot about here at Stimulus Technologies when we educate our customers about avoiding cyber attacks. So what is the difference between phishing and spear-phishing?

Phishing is a term that’s used to describe when a cyber-criminal attempts to get someone to click a malicious link in their email. Phishing attacks are generally more widespread: the criminal sends the same malicious email out to many people hoping for a “bite,” just like dropping a line in the water and waiting for any old fish to come along and bite it.

Spear-phishing is when those emails are targeted to specific users. In this case the fisherman targets the exact fish he wants and attempts to catch only that fish with his spear. It’s harder to do, but the rewards are greater. This is how the cyber-criminal sees it. The right target will yield him greater results.

How Does Spear-Phishing Work?

In a spear-phishing attack the criminal disguises himself as someone the victim knows. Maybe it’s their boss, a co-worker, a friend, or a company they frequently do business with. This familiarity causes the victim to be less suspicious or cautious. They may only take a quick glance at a name or email address, not realizing it’s not quite right.

Using a familiar source also allows the criminal to play on the victim’s emotions. The victim sees an email from a friend and opens it. The message indicates the friend is in some kind of trouble and needs money. The emotional reaction is to help. Who wants to let their friends down?

Maybe it’s your sister asking you to click a link to see a funny cat video or a co-worker asking you to download a file. Scammers also play on people’s fears. They may send an email claiming the victim is in some kind of legal trouble. The sender of a spear-phishing email isn’t really any of these people, but it can be easy to be fooled.

How do they do it?

Criminals find information about you online. Think of all of the places where you may have personal information – LinkedIn, Facebook, Twitter, Instagram, and message boards are a few of the common places cyber-criminals gather information. LinkedIn indicates where you work, message boards provide interests in sports, politics, and hobbies, and your social media channels provide personal information like the names of your friends and family. Criminals may also be able to see when you’re on vacation or have just gone out to dinner.

How can you prevent being the target of spear-phishing?

Diligence is the best method of prevention. Always check the email address of the sender. Don’t just go by the name you see. Anyone can put any name on an email. One of the easiest things to look for is the domain name of the email address. If the email is from your boss, does the domain match your company?
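
The sender check described above, written out as an added example (it is not code from Stimulus Technologies). It parses a From: header and flags a familiar display name on an unfamiliar address, and a domain that is close to the company's but not the same. The company domain, directory entry, similarity threshold and sample headers are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumptions for this example: the organization's domain and a small
# directory mapping staff display names to their real addresses.
COMPANY_DOMAIN = "example.com"
DIRECTORY = {"pat rivera": "pat.rivera@example.com"}
LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off for "not quite right" domains


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no usable sender address"]
    warnings = []
    domain = addr.rsplit("@", 1)[1].lower()
    # Normalize case and spacing before looking the name up.
    known = DIRECTORY.get(" ".join(name.lower().split()))
    # A colleague's name on an address that is not theirs.
    if known and addr.lower() != known:
        warnings.append("display name matches a colleague, address does not")
    # A domain that resembles the company domain without being it.
    if domain != COMPANY_DOMAIN:
        score = SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio()
        if score >= LOOKALIKE_THRESHOLD:
            warnings.append("lookalike of company domain: " + domain)
    return warnings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        "Pat Rivera <pat.rivera@example.com>",
        '"Pat Rivera" <pat.rivera1984@gmail.com>',
        "Pat Rivera <pat.rivera@examp1e.com>",
        "Billing <billing@vendor.net>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "ok")
```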

Be careful with your personal information. All social media platforms have a way to restrict what information is seen by the public. You can make sure only your trusted contacts can see what you post or your contact information.

Think about what personal information is out there. What are the answers to security questions for your bank and credit card information? If you put your high school mascot as the answer, can anyone who visits your Facebook page figure out what that is?

Have you ever seen those social media quizzes that ask you to come up with your superhero name (or something similar)? Be wary of posting the answer. What did they ask to come up with the answer – your first and last initials, the month and day you were born, the first letter of your mother’s maiden name? I’ve seen all of those. Those quizzes may be gathering your personal information without you even realizing it.

Being careful with your information is one of the most important steps in protecting yourself, and your business, from cyber-attack.
