Spear Phishing vs. Phishing: How to Know the Difference (And How to Protect Your Assets)
Have you been a victim of spear phishing? You may have. Spear phishing differs from phishing in that it is highly targeted to the recipient. Most phishing scams consist of emails that go out to a large number of recipients. That type of scam is most likely familiar to most of us by now.
But spear phishing is a little different and slightly more dangerous. Spear phishing emails are designed to look like they come from someone the recipient knows or recognizes. They’re designed to build trust and elicit a click, giving the attacker access to the recipient’s sensitive information.
We live in a highly connected age, which provides many advantages to our daily lives. But with that connectivity comes added risk. We must constantly be on the lookout for criminal behavior. Too many people are vulnerable to these types of phishing scams, including businesses of all sizes.
The biggest problem with spear phishing today is that it has become more sophisticated, fooling more and more people into giving cybercriminals access to their information before they realize they’ve been exposed.
Until recently, users could easily detect phishing emails by checking the sender’s email address. Phishing emails also often contained misspelled words and poor grammar. They were pretty easy to spot.
Today’s more educated cybercriminals take the time to mask their email, tailor their message to the recipient, and spend time making the email content look legitimate. That’s the danger of spear phishing. If you’re not paying attention, you might become a victim before you realize you’ve been duped.
“Signs of a phishing scam may include generic greetings, urgent action requests you did not initiate, requests for personal information, and even baseless threats.” – SPEAR PHISHING AND COMMON CYBER ATTACKS (Office of the Director of National Intelligence)
There are a few things you can do to protect yourself from spear phishing attacks.
Don’t click on links in any emails. If you receive an email from a person or a company that you recognize, go directly to that site to log in.
Do not send your personal information via email to anyone. If you receive an email asking for your personal information, such as your password or social security number, contact the company or site directly to verify they need that information. Most of the time they do not need your personal information.
Do not open email attachments unless you trust the source. The attachment could be a gateway to your computer. Cybercriminals could use it to install malware or ransomware on your computer.
Never share your usernames or passwords with anyone. And use strong passwords that are not so easy to remember. Change them frequently.
Sign up for two-factor authentication using an app like Authy or Google Authenticator. Both are free services.
Enroll in Proofpoint Essentials Security Awareness offered by Ameritech Data Solutions. It allows you to test your work environment with teachable moments and training. Contact firstname.lastname@example.org for more details.
Keeping your personal and professional sensitive information safe may seem like extra work that takes a lot of time. But in order to protect your personal and business assets, it’s worth the extra trouble. It will also provide peace of mind to your customers and clients, especially if your business collects and stores data.