What’s Spear Phishing?




Phishing is a scam where scammers try to obtain valuable information by imitating a well-known brand. Spear phishing is targeted at individuals and aims to infiltrate a company’s computer network. Avoid scams by not clicking links or opening attachments, and reporting suspicious emails to the right person.

Phishing refers to a scam analogous to fishing – hence the name – in which the scammer tries to obtain valuable information by luring a person with genuine-looking but bogus communication that gains credibility by imitating a well-known corporate brand, such as that of a bank, credit card company, e-tailer, social media site or payment site. The term originated in 1996. Spear phishing continues the analogy and denotes a specific style of phishing.

Phishing emails are sent to a large audience and generally give a dire warning, stating that something bad can only be avoided by the recipient confirming certain information. The information is usually personal and critical, such as a social security number or account number and password. A hyperlink in the email takes the recipient to a website where information is collected, resulting in the recipient losing a bank account or being the victim of identity theft.

Spear phishing emails differ from phishing emails in several ways. First, they are sent to a targeted audience, such as employees of a particular organization or members of a particular group. Second, the email appears to come from a colleague within the organization or group and is often more carefully constructed than phishing emails, which can show obvious signs of forgery. Third, the goal is not simply to obtain a name, password or credit card information from an individual, but to infiltrate a company’s computer network.
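A message that only appears to come from a colleague usually leaves traces in its headers. The Python below is an added example, not part of the original article: it flags three such traces. The domain, staff directory and sample messages are constructed, and it assumes the Authentication-Results header was written by the organization's own receiving mail server.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organization's mail domain
# Assumption: staff display names mapped to their real addresses.
DIRECTORY = {"dana reyes": "dana.reyes@example.com"}

# Constructed sample messages (not real mail).
LOOKALIKE = ("From: Dana Reyes <dana.reyes@mail-example.test>\n"
             "Authentication-Results: mx.example.com; dmarc=pass\n\nPlease review.")
FORGED = ("From: Dana Reyes <dana.reyes@example.com>\n"
          "Reply-To: dana.reyes@webmail.test\n"
          "Authentication-Results: mx.example.com; dmarc=fail\n\nPlease review.")
LEGIT = ("From: Dana Reyes <dana.reyes@example.com>\n"
         "Authentication-Results: mx.example.com; dmarc=pass\n\nLunch at noon?")

def domain_of(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return the reasons a message claiming to be internal looks spoofed."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    # A colleague's name placed on an address that is not theirs.
    known = DIRECTORY.get(name.strip().lower())
    if known and addr.lower() != known:
        reasons.append("display name matches staff, address does not")
    # Our own domain in From, but the receiving server recorded no DMARC pass.
    auth = msg.get("Authentication-Results", "").lower()
    if domain_of(addr) == ORG_DOMAIN and "dmarc=pass" not in auth:
        reasons.append("internal From domain without dmarc=pass")
    # Replies diverted to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    return reasons

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("forged", FORGED), ("legit", LEGIT)):
        print(label, triage(raw) or "no findings")
```

A message with findings is a candidate for reporting, not proof of an attack; a clean result does not mean the message is safe.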

One of the more notable spear phishing attacks, often referred to as “whaling” due to the caliber of the target audience, was a 2008 double whammy attack against approximately 20,000 senior corporate executives. Two thousand fell for the first attack but only 70 for the second. Both attacks masqueraded as an official subpoena to appear before a federal grand jury. Clicking on the link to what should have been a more complete copy of the subpoena actually led to a site where a further click installed software on the victim’s computer that allowed their login credentials to be stolen. The malware in the first attack was caught by only eight of the top 35 anti-malware products, and the modified malware in the second attack was caught by only 11 of them.

There are steps people can take to avoid spear phishing scams. If you suspect a scam, you should call the person the email appears to be from. You should never click any links in a suspicious email or open attachments. It’s also a good idea to call your IT department or Internet Service Provider (ISP) for assistance. Rather than simply deleting suspicious emails that might come to your work, it would be better to report them to the right person at your company.



