Spear Phishing: A Targeted Attack
Posted August 13th at 12:01 pm | Tags: Catherine Forsythe, data breach, identity theft, phishing, security, spoofing |
from Flying Hamster
One of the common, well-known attempts at identity theft is phishing. You may have received email asking you to do things like verify your PayPal account or your eBay account. The criminals are casting a wide ‘net’ with broadcast spam to see who will respond. Playing the numbers game, if enough spam is sent out, someone will make the error and carelessly give up their personal information.
Spear phishing is not broad spectrum spamming. It is very specific and targeted. For example, if you received an email from someone from your tech support services asking to confirm your security code, would you do it? The email is addressed directly to you and has your name in the text of the note. A glance at the email address shows that it is a company email. If you send back your security code or password, you may have been ‘phished’ - specifically, you have been ‘spear phished’. You were targeted.
Email addresses can be spoofed. And the mention of your name in the text is just social engineering. It is to manipulate you into feeling secure and giving up the information. Obviously, in business, the senior management has access to the sensitive data. One breach there could mean a security problem involving hundreds, perhaps thousands, of files containing information for a staggering number of identity thefts.
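Because the visible sender address proves nothing on its own, the message headers are the place to check. The following Python sketch is an added example, not part of the original post; the sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: the visible From address is a company address,
# but replies and bounces go elsewhere and sender authentication fails.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Tech Support" <support@example.com>
Reply-To: "Tech Support" <support@example-helpdesk.test>
To: Pat <pat@example.com>
Subject: Please confirm your security code

Hi Pat, reply with your security code so we can verify your account.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw):
    """List reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # Where replies and bounces actually go matters more than the From line.
    for header in ("Reply-To", "Return-Path"):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # Assumption: the first Authentication-Results header was added by your
    # own receiving mail server; copies supplied by the sender prove nothing.
    auth = (msg["Authentication-Results"] or "").lower()
    if not auth:
        findings.append("no Authentication-Results header from the receiving server")
    for check in ("spf", "dkim", "dmarc"):
        for part in (p.strip() for p in auth.split(";")):
            if part.startswith(check + "=") and not part.startswith(check + "=pass"):
                findings.append(f"sender authentication did not pass: {part.split()[0]}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print("WARNING:", finding)
```

A finding is a prompt to verify through a contact channel you looked up yourself, not proof of fraud; legitimate mail sent through third-party services can also show mismatched domains.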
Spear phishing is not limited to businesses. It can happen to anyone. An example is the recurring jury duty scam. In this ploy someone may call or write and tell you that you have been negligent in performing your jury duties. You may reply that you did not receive any notification. The hacker then asks you for your social security number to confirm that the documents are indeed yours. And you can guess the rest… it’s spear phishing on a smaller scale.
Obviously, the precaution is to check before giving out any sensitive information. Check thoroughly and then check again. And even then, you may want to say ‘no’…
Just because it looks and sounds real doesn't mean that it is. If you are uncertain as to the truthfulness of an email contact or a mix of email and telephone contacts, do your own research. Do an internet search for the organization or entity and follow up based upon the contact information that you discover. Check out Rip Off Report. This is a great resource which helps unsuspecting consumers make decisions about suspicious emails or offers.
Another good resource is Fraud Watch International.
Above all, use good judgement. If need be, please respond to this blog on this post and I will take a look at the information you have submitted. While I cannot always be 100% accurate, I will do my best.