Time and time again, the way in which major online attacks on government agencies, companies and all of us as individuals begin is through a spear phishing email. Phishing emails are emails that are sent to lure you into providing information or clicking on links in the email that contain malware, such as ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft. Most phishing emails are easy to recognize as being scams. However, spear phishing emails are phishing emails that are specifically tailored for us. They come addressed to us by name and they generally deal with specific subjects in which we are interested or appear to come from companies with which we do business or have accounts. The question then arises as to where do cybercriminals gather the information about us which they turn against us by using it to convince us to either provide them with information or click on links that download malware? The answer is that there are many places on the Internet that a determined cybercriminal can go to gather such information, but unfortunately, many of us are partially responsible for our own vulnerability because we provide too much information about us on social media that can be used to make us the victims of many different types of scams and cyberattacks.
Company websites may have detailed biographies of employees and sites such as LinkedIn will provide a lot of information that can be used to trick us into falling victim to spear phishing. Using readily available services such as Pipl, someone who has your email or phone number can use that basic information to obtain your biography and other personal information. Your username for more than five hundred social media networks can be found using services such as knowem. Just knowing your name can lead someone to your Facebook or Instagram page. Many people post far too much personal information on social media that can be exploited by cybercriminals.
As a basic defense against phishing and spear phishing, you should never provide personal information in response to an email or text message unless you have absolutely confirmed that the request for the information was legitimate and the information needed to be provided. It may seem paranoid, but remember, even paranoids have enemies. Also, never click on links or download attachments unless you have independently confirmed that the email or text message containing the link or attachment was legitimate.
As for protecting yourself in regard to social media, don’t register on social media by email or phone numbers that are made public. Use a different username for each social media account you have. Finally, and most importantly think before you post anything on social media before you post information that could be leveraged against you by a cybercriminal.
Being aware of where spear phishing emails are made to appear to come from can put you on alert so that you can avoid clicking on links in these emails or providing personal information to an identity thief. The most common phishing emails appear to come from social media services such as Instagram and Facebook,popular online services we all use such as Netflix or Amazon, your bank or your email carrier. In many instances, spear phishing emails are constructed to think that there is some emergency that requires your immediate attention. Don’t fall for these scams. If you think a real emergency has occurred, contact the real company at an email address, website or phone number that you know is legitimate. Don’t click on a link or otherwise respond directly through the email or contact information it provides.
Finally, use security software that includes phishing screening. While it is not totally effective, it is very useful.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”