Scam of the day – September 11, 2012 – Spearphishing

By now, most people are aware of the scam tactic referred to as “phishing,” by which you receive an email purportedly from a legitimate company or government agency that has all of the appearances of being a true and legitimate communication from the company or agency, but in fact is from an identity thief who under the pretext of a problem with your account or some other such emergency lures you into clicking on a link contained in the email, which unbeknownst to you downloads harmful malware on to your computer, such as keystroke logging programs, sometimes called Trojan Horses that will steal all of the information from your computer and lead to your becoming a victim of identity theft.  Most often these phishing emails are not directed at you by name, but rather to you as “customer” or “consumer.”  They also may appear to come from companies with which you do not do business as from a bank where you have no accounts.  However, with the epidemic of hacking of large companies and governmental agencies, many identity thieves are able to use the hacked information to send you a personal phony email that contains your name and is definitely from a company or agency with which you do business making you more likely to respond to the urging to click on the dangerous link contained in the email.  This type of targeted phishing is called “spearphishing” and it is extremely dangerous.

TIPS

Never click on links in emails unless you are absolutely sure they are legitimate.  If you get such an email from a company, you should always be skeptical and make sure that you call the company or federal agency before considering clicking on the link to confirm whether or not the email is legitimate.  Merely because the email uses your name and even your account number does not mean that the email is legitimate.