Don’t fall victim to spear-phishing

August, 2017

When CNN reported that a “prankster” in the UK had managed to spear-phish White House officials, we wanted to share a few thoughts about online security, spear-phishing and avoiding the sharp end of that awful spear.

Spear-phishing is tricky

“Phishing” is a broad term for when a malicious actor impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details or credit card numbers. It generally casts a wide net.

“Spear phishing” is more targeted, hence the name, and uses personal details to trick you. It’s more sophisticated, and, unfortunately, research shows that it works.

Reviewing the White House email messages posted online reveals the sender used details about previous meetings and conversations to make themselves sound legit, and it worked. In this case, this information could have been culled from media coverage.

The rest of us who aren’t in the public eye still need to be sharp. We share personal information on social media accounts, professional networking sites, blogs, comments and so on. Clever perpetrators can use this seemingly innocuous information to their advantage.

Verify before sharing personal information

This can’t be overstated. Today, more and more of our sensitive information is stored online, and we all need to do our part to thwart attackers and protect ourselves. Protecting our logins is critical. It’s up to all of us to look out for scam websites and suspicious links.

If there’s something “phishy” about a message, try confirming through another method like a phone call, text or asking in person. Though he didn’t share his password or other highly secure information, Homeland Security Adviser Tom Bossert did pass along his personal email, unsolicited, because he trusted the message despite it being flagged by his email system. This brings us to our next thought.

When your email system flags a message as suspicious, you should…be suspicious

It stands out that at least one of the fake messages arrived flagged as [SUSPECTED_SPAM] by Bossert’s email service. That should be an immediate red flag to double-check where the mail came from before trusting it.

“Sometimes there are false positives, but it’s worth having an IT person check it if you don’t know how to do it yourself,” said Dave Miller, Mozilla Network Administrator. “This is especially true when a message gets spam-tagged, and it’s seemingly an ‘in-company’ mail, from someone in the same organization as you.”
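For the IT person doing that check, here is a small header triage written for this article as an added example; it is not code from Mozilla or from the original post. The organization domain, the sample message and the finding names are constructed assumptions; only the [SUSPECTED_SPAM] tag comes from the text above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.gov"  # assumption: the recipient's own organization

# Constructed sample message (not taken from the incident described above).
SAMPLE = """\
Authentication-Results: mx.example.gov; spf=pass smtp.mailfrom=mail.example.net; dmarc=none
From: "Alex Colleague - example.gov" <alex.colleague@mail.example.net>
To: staff@example.gov
Subject: [SUSPECTED_SPAM] Dinner invitation

Could you send me your personal email address?
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, org_domain=ORG_DOMAIN):
    """Return a list of reasons to verify the sender out of band."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    internal = from_dom == org_domain or from_dom.endswith("." + org_domain)
    tagged = msg.get("Subject", "").lstrip().startswith("[SUSPECTED_SPAM]")
    findings = []
    if tagged:
        findings.append("spam_tag")
    if tagged and internal:
        # The case Miller singles out: looks in-company, yet was spam-tagged.
        findings.append("internal_sender_spam_tagged")
    if org_domain in display and not internal:
        findings.append("display_name_claims_org")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply_to_mismatch")
    # Only trust Authentication-Results written by your own mail gateway.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{check}_{m.group(1)}")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print(reason)
```

An empty result does not prove a message is genuine; any finding is a cue to confirm with the sender by phone, text or in person.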

Avoid the hook

Whether or not you’re being “pranked” or phished, if someone is provoking you over email, it’s best not to take the bait. Don’t respond to spear-phishing efforts. Mark the message as spam, forward it to your IT department or your email provider and move on.
