Not to be confused with the sport of fishing, phishing is the name of a strategy employed by conmen operating online.
Phishing is when a scammer tries to trick people into giving away their private information such as passwords, credit and bank card account details and financial information. They do this by pretending to be a legitimate companies and then trying to convince a target to open a spam email, click on a dodgy link or go to a fake website.
As the years have gone by online scammers have become more sophisticated and a result of that is spear phishing. It is called spear phishing due to its narrowed focus on a target. Unlike phishing where the scammer hopes that someone will be foolish enough to fall for the con; spear phishers do their research to make themselves more convincing and more effective.
What to Look Out For
Spear phishers attempt to find out as much about their targeted victims as possible. They will most likely know your email address and perhaps a little bit about your personal life. They do this by scouring the internet for their target. Imagine all of the things that you have posted on social media over the years, if your privacy settings are not robust then a phisher can easily find out a lot about you. They can easily learn who your friends are, what business’s you use and the things you like. Spear phishers are likely to send their victims emails that are personalised and be associated with either someone you know or a recent purchase you’ve made. Because the email appears to be from someone you know, you are less likely to be vigilant and give them what they want. If it claims to be from a business you trust asking for urgent action on an order for example, you are likely to act before thinking.
The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Bob" instead of "Dear Sir." The email may make reference to a "mutual friend." Or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.
Make sure to set your social media to private
When using social media always ensure that you use strict privacy settings. Even then however if a contact on your friends list has had their account compromised the scammer may still be able to see your posts. Using information gleaned from social media can allow a scammer to pose as a friend. Never give anyone your passwords or financial details over the internet as you can never be too careful. If a friend does ask for passwords or other sensitive information give them a call to verify that it is indeed them doing the asking.
How much information is out there about you that could be used to scam you? Your name? Email address? Friends' names? Their email addresses? Are you on, for example, any of the popular social networking sites? Take a look at your posts. Anything there you don't want a scammer to know? Or have you posted something on a friend's page that might reveal too much?
Education is the best way to counter the threat posed by phishers. Business leaders should sign up to and take PGI Cyber’s Cyber Security Awareness Course (CSA) which provides a comprehensive syllabus for protecting your own and your businesses online identity. For more information click here.
Your free Global Geopolitical Dashboard
PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.
The Risk Portal gives users up-to-date information and analysis on global affairs.
The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.
Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.
Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.
Subscribe to our Cyber Bytes Newsletter
Keep yourself in the loop with PGI by signing up to our Weekly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.