What is Spear Phishing?

Spear Phishing is a targeted cyber-attack that is used to steal confidential data such as financial information or account details. This is achieved by acquiring personal details about the targeted person, such as their friends, family, or most-frequented shops, before creating a fake narrative to gain the target’s trust. Spear Phishing is often implemented through email, using a fake name or email address to make it seem like the message has come from a known source.

The Differences Between Phishing & Spear Phishing

All Phishing attacks attempt to trick people into sharing confidential information, such as financial details or passwords, for malicious reasons, and Phishing attackers of all kinds often use the same strategy of disguising themselves as a trustworthy individual or brand. However, not all Phishing attacks target a specific individual.

For example, a Phishing attack could use a company that is viewed as trustworthy by the general public, like Apple, and send out emails using this disguise to masses of people in the hopes that some of them will fall for it. This tactic will surely fool some people, but in this example many recipients of the email could be Android users, who would naturally become suspicious. Spear Phishing, on the other hand, is a personal attack. This means the attacker will research their target beforehand, potentially finding information such as the target’s full name, date of birth, usernames, most visited online shop, what bank they use, and any other details that can make the email look as legitimate as possible.

How to Identify & Avoid Spear Phishing

Be careful with your online presence – Spear Phishers rely on personal information to lure targets into trusting their emails. The more personal information you post online, the more material an attacker has to create the perfect personalised scam.

Avoid clicking links in emails – Whenever possible, it’s safer to avoid clicking any links in emails you receive. Let’s say you receive an email from Amazon with a link asking you to check recent purchases. Whether the email looks suspicious or not, make a habit of finding the page you’re looking for manually (e.g. googling the Amazon website, logging in and checking your previous purchases) rather than clicking through the link.

Inspect URLs – If you receive an email with a more unique link that you can’t find easily through Google, hover over the link before clicking it; this will show you the full URL that the link will take you to. When the URL pops up, make sure you read it carefully – scammers often use fake URLs that are almost identical to the real one, but you can usually spot a letter out of place or a domain extension that doesn’t fit (e.g. Amazon would use ‘.com’ not ‘.org’). This also applies to the name and email address that the message is being sent from.

Implement data security – If you feel your organisation is vulnerable to these types of cyber-attacks, consider implementing an extra layer of security to avoid data loss. There are many services available through third parties which will protect your emails to the best of their ability. However, the most reliable and cost-effective way to avoid this kind of situation is to train your employees on what Spear Phishing is, and how to identify the signs.
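
The checks from the "Inspect URLs" tip can be partly automated for HTML emails. The script below is an added example, not part of the original post: it pulls every link out of a message body and flags destinations that use the wrong extension, closely resemble a trusted domain, or differ from the domain shown in the link text. The `TRUSTED` list, the sample body and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("amazon.com", "apple.com")  # assumption: domains you expect links to use
# Constructed sample email body, not taken from a real message.
SAMPLE = ('<a href="https://www.amazon.com/orders">Your orders</a>'
          '<a href="http://amaz0n.com/orders">www.amazon.com/orders</a>'
          '<a href="https://amazon.org/login">Sign in</a>')

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def base_domain(value):
    """Last two host labels (simplification: real code needs the Public Suffix List)."""
    host = urlsplit(value if "//" in value else "//" + value).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

def inspect_links(html):
    """Return (href, reason) pairs for links that fail the hover checks."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for text, href in parser.links:
        dest = base_domain(href)
        if not href.lower().startswith(("http://", "https://")) or dest in TRUSTED:
            continue  # only web links to untrusted domains need a closer look
        for good in TRUSTED:
            if dest.rsplit(".", 1)[0] == good.rsplit(".", 1)[0]:
                findings.append((href, f"wrong extension for {good}"))
            elif SequenceMatcher(None, dest, good).ratio() >= 0.8:
                findings.append((href, f"lookalike of {good}"))
        if "." in text and " " not in text and base_domain(text) != dest:
            findings.append((href, "link text shows a different domain"))
    return findings
```

Calling `inspect_links(SAMPLE)` leaves the genuine Amazon link alone and reports the other two.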

Sources:

Varonis

Digital Guardian
