The bad guys love having you do their dirty work for them. They trawl the internet, and even send mail to your inbox, with links baited with malicious software, hoping you will click on the ad that sounds too good to be true or voluntarily take a survey in hopes of winning a prize. While standard phishing emails are sent to thousands of users in anticipation of a small percentage clicking on a malicious link, spear phishing emails are customized expressly for YOU.
Getting Personal
Spear phishing emails are made just for you. Cyber criminals research their victims and create emails tailored to their interests, sometimes even impersonating people known to them (such as friends and professional contacts identified on social media platforms). How does this work? Chances are, you have safely experienced the very same techniques criminals use for nefarious purposes. For instance, if you’ve ever ‘liked’ or given a ‘thumbs up’ to a group on Facebook or LinkedIn, you know that these social networks use this information to personalize advertising to your interests. Cyber criminals use this same kind of information to personalize their messages to you, only with malicious intentions!
Uh-oh. With all that can be learned about me online, what can I do now?
The good news is that even tailored messages follow a formula that should alert you to potential harm. They ask you to open a file, click a link, and, often, to enter sensitive information (such as your credit card or user name/password) into a form. Never provide this information in response to an unsolicited email. Even if the message comes from your boss, a trusted vendor, or even a reliable friend, take the time to verify the request by phoning the sender. A quick call today may save you a lengthier call later to your help desk (or bank or credit card provider or credit bureau) in the event you were just spear phished!
SMART TIP #1: Hover over the link contained in the suspicious email. If the address shown changes to something not associated with the request, delete the email immediately (and empty your email trash bin). If you are at work, call your local help desk to see if additional action steps are advised.
SMART TIP #2: Configure your social media privacy settings to ensure that only friends (not friends-of-friends) can see your personal information.
Caught by a Spear Phisher?
Criminals are clever. If you think you may have been fooled, do the following as soon as possible:
· Contact your local IT helpdesk (if at work),
· Run a full-system anti-virus scan, and
· Change your system login password—and any other passwords you think may have been affected.
If you have any additional questions about spear phishing or phishing in general, contact your local IT staff, Circuit IT Security Officer, or ITSO for more information.