This post about spear phishing was inspired by my ambassadorship with Hotspot Shield.
Most of us are savvy enough to recognize phishing email scams when we see them, and truthfully, it’s a pretty low number of people who fall for the old banking scam emails anymore.
That’s exactly why more phishers are turning to spear phishing. It’s a much more targeted version of phishing, and it’s tricking a heck of a lot more people.
Spear phishing uses content that is customized and of interest to the target, which is why the success rate is so much higher.
Just like regular phishing, the emails appear to come from a well-known and trusted source and will ask for something that seems like a logical request.
For instance, a letter on university letterhead to university students might ask them to click to verify something in their account or with their grades, or corporate employees might be asked by someone seemingly higher up in the company to click a link or sign in with their credentials.
If just one student or one employee falls for it, the whole system is compromised.
Scary stuff, huh?
We’ve learned to be suspicious of requests for personal data when they’re unexpected, but when it seems to come from a source we trust, it can be trickier.
Tips for Avoiding Phishing Scams & Maintaining Online Security
Most companies, banks and institutions don’t request information via email. If you’re suspicious, call the company directly. (Don’t use the phone number provided to you in the email though.)
Never click on the links in emails. Instead, type the site’s address into your browser manually.
Use a phishing filter and malware blocker. (Included in Hotspot Shield)
Use a VPN service to hide your IP address and internet activity from others when on public internet connections. (Hotspot Shield is a free VPN.)
Be aware of the most common phishing email subject lines (according to Websense.com):
1. Invitation to connect on LinkedIn
2. Mail delivery failed: returning message to sender
3. Dear Customer
4. An “Important Communication” notice of some sort
5. Undelivered Mail Returned to Sender
The one that scares me the most is the invitation to connect on LinkedIn! I guess I’ll be going directly to the site to respond to invitations from now on instead of clicking on emails.
Have you ever fallen victim or come close to being a victim of a phishing scam?