What are Spear Phishing Attacks?

Spear-phishing defines a more specialized phishing scheme (an attempt by a hacker to obtain confidential information about a user through fraudulent means) targeting a specific employee in order to gain access to a company’s information. In order to do this, an email that appears to come from inside the company or another trusted source is sent to the targeted person. This email must also contain convincing information that appears to be from a trusted source. As with phishing, the target will be requested to click a link to be brought to a bogus website in order to get them to enter in their sensitive information. Sometimes, just clicking the link is enough to install malware on the target’s machine, which may allow the attacker to take control of their computer and continue their scheme. In all cases, however, the request made to the target will appear to be logical in order to be convincing enough. Often, spear-phishing starts with the attacker gathering information from company websites with contact information for individual employees. To protect yourself, it’s important to remember that most companies, banks, agencies and organizations don’t request personal information via email. If you get a request for something like this, it’s best to check with someone internally before responding. Also, using a phishing filter that comes as a plug-in to many browsers is also recommended.

Comments are closed.