What to Know About “Spear Phishing”

The latest scam thrives on familiarity

Most of us are aware of the term “phishing” — a con game in which scammers use spam, malicious websites, and online messages to trick people into divulging sensitive financial or personal information.

Now there is a new twist on the old game, called “spear phishing,” and it is vital that everyone become aware of this increasingly popular tactic among scam artists.

Rather than casting a large net and hoping someone bites, spear phishing utilizes personalization, pinpointing you as the specific target.

“The emails are ostensibly sent from organizations or individuals the potential victims would normally get emails from, making them even more deceptive,” the FBI website states. Since you are familiar with the sender, you may be less vigilant and more apt to act without thinking.

How it works: Using your web presence against you

An angler looking to spear-phish will troll social networking sites and blog pages, using any piece of information you put out there to his or her advantage. The scammer can easily get your email address, gain access to your friends list, gather insight on places you frequent, find out about any recent purchases you may have made and much more. Then the crook will correspond with you, using that information as a means to request sensitive information in a seemingly legitimate manner. The scammer will get you to click on a (fraudulent) link or respond to the correspondence and provide account information, PIN codes, usernames and/or passwords, etc.

How to avoid getting caught up in a scam

The most important takeaway from a spear-phishing scare, being smart online, applies to more than a potentially stolen identity. How much information you put out in the online realm, and what kind, makes you susceptible not only to Internet fraud but also to real-life criminals.

Do you consistently “check in” at a certain place and time? That’s prime information for a burglar, especially if you just posted a picture of your awesome new flat-screen TV, for example. Just be careful about the information you divulge that you think is harmless but that could be pieced together to harm you.

Here are a few other tips you should consider to protect yourself from spear-phishers:

Vary your passwords – Make every password you use different from the last, and change your passwords often, advises the website for Norton by Symantec, a popular and reputable online security provider. Internet security software and aspects of your operating system can help you keep track of your various passwords.

Keep your security software up to date – A simple click of the mouse when an update bubble appears could save you from a cyberattack. When you get update notices, don’t ignore them.

Don’t be hasty – Double-check with any source that requests personal information from you. Call or email (in an entirely new thread) to verify that the request is valid. And keep in mind that most companies, financial institutions, etc., will not request personal information via email.

Do it yourself – Similar to starting a new email thread, when you want to check out a link provided in an email, always enter the URL manually rather than following the link provided. Also, if you want to call the alleged source organization, don’t use the number provided in the email — always look up the number yourself to ensure it isn’t fraudulent as well.

The FBI, the U.S. Secret Service and local law enforcement are working diligently to remove threats from these criminals. But ensuring you are aware of the issue of spear-phishing and prepared to avoid it is a great start.