What is Spear Phishing? Here's an example: Imagine you get an email from a friend or family member asking for you to send the password for one of your accounts. The email looks too close to their actual email address for you to see a difference. The person sending the email uses a lot of personal details that you think only your friends and family would know. All of this makes you trust the sender of the email.
Emails like these, that include personal information to trick someone, are used to get people to trust hackers enough to send them private information, like usernames and passwords.
Spear phishing is just a more specific version of phishing. Instead of a hacker sending out a generalized email to a large group of people, they do large amounts of research on a specific target and try to hack them. Hackers could try to find and use specific information such as:
With this kind of information, a hacker could trick you into thinking they are trustworthy. By earning your trust they can gain access to private information. With this information they can blackmail you, steal your access to your accounts, or sell your data.
Check out this link for a little more information on the specifics of spear phishing.
While phishing attacks generally are used to go after large groups of people, spear phishing is a lot more specific to smaller targets. Regular phishing attacks are used to go after bigger groups of targets at once. Very generalized emails are usually sent out to try and trick the hackers’ targets into clicking on a malicious link.
Phishing attacks go after many targets at once in hopes that at least a few people will fall for their fake email. Spear phishing puts in a little more effort when it’s used to go after personal information.
A spear phishing attack requires a hacker to try and build trust with their target to gain access to the information they want. Hackers may try to pretend to be someone the target is familiar with, someone they already trust. Spear phishing emails are a lot harder to spot at first because of how personalized they are to each target.
Avoiding general phishing hacks is pretty simple and can be as easy as not opening suspicious looking emails. Some super easy ways to avoid a phishing hack are:
The best way to avoid a phishing hack is to not open any emails that don’t look completely trustworthy. As well as never opening any links in those untrustworthy emails.
A lot of the tactics for avoiding spear phishing hacks are the same as those for phishing attacks. For example:
Check out this link for a more in depth explanation on each of these tactics and a few more tips.
We provide cybersecurity protection exclusively for small, high-value companies in highly-regulated industries including financial services, medical/biotech and government contracting.
Have questions or feedback? Please share them in the comments below.
Like this article? Share it!