Avoid Getting Caught by Spear-Phishing

Dennis Snider

Many people will have heard of phishing attacks online (attempts to persuade people to hand over personal details, account passwords, etc.), but they may not be as aware of spear-phishing, even though it makes up 91% of all successful Internet attacks.

The difference between the two is that phishing is a very general form of attack, trying to trick users into handing over information with broad-based tactics. Spear-phishing, on the other hand, uses personal details to specifically target a victim: criminals will use personal details such as the name of the victim’s employer, their hobbies, the names of their friends, etc., to give the victim more confidence that the email they are receiving is legitimate, and so to make them more likely to follow instructions or click on links that it contains.

Spear-phishing has become increasingly sophisticated, to the extent that now it is very hard to identify this type of attack unless the victim is properly aware of the way in which these attacks work. The perpetrators will harvest as much personal information as they can from social media, e.g. friends lists, and then leverage this to gain the information they desire.

Fortunately, spear-phishing can be relatively easily combated by following a few simple rules, as follows:
• Be careful about what you post on the Internet and think about the amount of personal information an attacker can access. Try to limit the levels of personal information you share and configure your privacy settings to make it more difficult for them.
• Don’t use the same password for more than one account. This is really basic Internet security: using securely generated passwords is one of the best ways of protecting yourself.
• Always install the latest software updates, which give you the best chance of defeating new forms of attack.
• Avoid email links: don’t automatically click on links in emails; think about who the email is from and where it is taking you. If you hover over a link, you can see the real address and can check that it is going to a legitimate website.
• Use common sense: if you get an email from a friend asking you for a password, don’t reply directly; check back with that friend via a known and trusted email address to see if it was really them asking.
• Make sure you have proper malware protection at both home and work, ensuring that your system will identify and quash spear-phishing attacks even if you don’t.
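The "hover over the link" check above can be automated for an HTML email: the text a link displays and the address it really points to are two separate things, and a link whose visible text is one URL while its href goes somewhere else is exactly what hovering exposes. The following is an added example (not from the original post) that walks every link in a constructed sample message, flags any whose destination host is not on an assumed trusted list, and flags any whose visible URL names a different host than the real destination; the `example-bank.com` domains are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"example-bank.com"}  # assumption: placeholder for the reader's legitimate domains
# Constructed sample: one lookalike link showing the real bank URL as its text, plus two genuine links.
SAMPLE_EMAIL = """<p>Dear customer, please verify your account:</p>
<a href="http://example-bank.com.login-verify.net/acct">https://example-bank.com/account</a>
<br><a href="https://example-bank.com/help">Help centre</a>
<br><a href="https://accounts.example-bank.com/reset">Reset</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lowercase host a browser would actually contact for this URL ('' if none)."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def is_trusted(host, trusted=TRUSTED_HOSTS):
    """A host is trusted only if it equals, or is a subdomain of, a trusted domain."""
    return any(host == t or host.endswith("." + t) for t in trusted)

def suspicious_links(html, trusted=TRUSTED_HOSTS):
    """Flag links with an untrusted destination or a visible URL that names another host."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""  # text that looks like a URL
        reasons = []
        if shown and shown != real:
            reasons.append("visible URL differs from destination")
        if not is_trusted(real, trusted):
            reasons.append("destination host not trusted")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings
```

Note that `example-bank.com.login-verify.net` is not treated as a subdomain of `example-bank.com`: the trusted-domain check only matches hosts that end with `.example-bank.com`, which is the same distinction you should make when reading a hovered address from right to left.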