12 Days of Cyber – What is Phishing and Spear Phishing

19 Dec 2015


Not to be confused with the sport of fishing, phishing is the name of a strategy employed by conmen operating online.

Phishing is when a scammer tries to trick people into giving away private information such as passwords, credit and bank card account details, and other financial information. They do this by pretending to be a legitimate company and then trying to convince a target to open a spam email, click on a dodgy link or go to a fake website.

As the years have gone by, online scammers have become more sophisticated, and one result of that is spear phishing. It is called spear phishing because of its narrow focus on a target. Unlike phishing, where the scammer hopes that someone will be foolish enough to fall for the con, spear phishers do their research to make themselves more convincing and more effective.

What to Look Out For

Spear phishers attempt to find out as much about their targeted victims as possible. They will most likely know your email address and perhaps a little bit about your personal life. They do this by scouring the internet for information about their target. Imagine all of the things that you have posted on social media over the years: if your privacy settings are not robust, a phisher can easily find out a lot about you. They can easily learn who your friends are, what businesses you use and the things you like. Spear phishers are likely to send their victims emails that are personalised and associated with either someone you know or a recent purchase you’ve made. Because the email appears to be from someone you know, you are less likely to be vigilant and more likely to give them what they want. If it claims to be from a business you trust and asks for urgent action on an order, for example, you are likely to act before thinking.

The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Bob" instead of "Dear Sir." The email may make reference to a "mutual friend." Or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.

Make sure to set your social media to private

When using social media, always ensure that you use strict privacy settings. Even then, however, if a contact on your friends list has had their account compromised, the scammer may still be able to see your posts. Information gleaned from social media can allow a scammer to pose as a friend. Never give anyone your passwords or financial details over the internet, as you can never be too careful. If a friend does ask for passwords or other sensitive information, give them a call to verify that it is indeed them doing the asking.

How much information is out there about you that could be used to scam you? Your name? Email address? Friends' names? Their email addresses? Are you on, for example, any of the popular social networking sites? Take a look at your posts. Anything there you don't want a scammer to know? Or have you posted something on a friend's page that might reveal too much?

Education is the best way to counter the threat posed by phishers. Business leaders should sign up to and take PGI Cyber’s Cyber Security Awareness Course (CSA), which provides a comprehensive syllabus for protecting your own and your business’s online identity.
