Personalized Phishing Attacks: How to Avoid Them

You may have heard of phishing, a cyberattack whereby a criminal sends out mass emails containing a link to a fraudulent website in hopes of tricking a user into entering their credentials or downloading an attachment with malware. In the case of spear phishing, the criminal instead chooses to target a single individual for a higher rate of return.

In spear phishing, the criminal uses social media and public information on business websites to find as much personal information as possible. With that information, the criminal is able to impersonate people close to the target or send urgent messages about threats that cause the target to act quickly and not double-check the information.

Getting Personal

For instance, imagine you receive an email that your little brother’s university is in need of $5,000 or else he will be dropped from his fall courses immediately. If the email had your brother’s name, his school logo, and a statement that your brother named you the point of contact for his account, you might be influenced to click the link. However, this is all information that could be found on social media – your family connections, affiliated institutions – and thus you should be wary. Call your family member. Verify separately from the email before clicking any links.

If it turns out to be a spear phishing attempt, report the email using your institution’s or email server’s reporting function.

How to Safeguard against Spear Phishing Attacks

If you’re not expecting an email, call the source to verify that it is legitimate. Be especially wary of any emails that are urgent, request money, or instruct you to open a link or PDF.

Secure your social media pages by setting them to private, and keep personal details private to limit the amount of ammunition available for social engineering scams.