Spear Phishing: How To Protect Yourself?

Phishing involves scammers attempting to obtain sensitive information by pretending to be a legitimate organisation through email or other electronic communication. One of the most common types of phishing campaign is called ‘spear phishing’.

In spear phishing, the scammer tailors the attack to a specific organisation or individual in order to compromise that target's particular credentials. This contrasts with ‘typical’ phishing campaigns, in which scammers send blanket emails to a large number of organisations or individuals, hoping to fool a small proportion of them.


If the scammer successfully convinces the target that the message is legitimate, they harvest the sensitive information the target supplies. This may be usernames, passwords or bank account details, which the phisher then misuses for personal gain.

For those who don’t know, the term spear phishing refers to an attacker who first gathers personal information about an individual online, usually from social media networks, and then crafts an email tailored specifically to that person. This attention to detail makes the email more convincing and increases the likelihood of a successful attack.

What is Spear Phishing?

The simplest spear phishing attacks involve a scammer sending an email that pretends to come from a legitimate organisation the victim trusts. The email warns the victim that something is wrong with their account. It usually contains a link which, if clicked, leads the person to a scammer-controlled website that captures everything the scammer needs to get the job done. The email may instead carry an attachment harbouring malware that infects the user’s device when opened.


Luckily, people are now aware of this issue and increasingly savvy at spotting these simple scams. In response, scammers are modifying their emails to hide their true intentions and make them as believable as possible. Many of these emails look quite authentic, and we suggest you do not open a message unless it comes from someone you know and were expecting to hear from. Moreover, the links in those emails have changed and look genuine as well.

Attacks – What Are They Like?

According to netsec.news, looking at the website URL is a simple way of telling whether a site is real or fake. In response, scammers have started to use JavaScript. How? They mask the scam URL behind the address of a website you know for a fact is legitimate, so the address you see is not the one you are taken to. That is why you need to double-check the URL: inspect the link in the page’s source code, or hover over it with the mouse and compare the address that appears. These tricks make it difficult for even the savviest users to distinguish real sites from fake ones.

Scammers also take steps to hide the link embedded in the email, using a link shortener to conceal the fake URL. The best-known shortener is Bitly. From the shortened link alone you cannot tell where it will take you; usually the sites behind Bitly links are legitimate, but sometimes it is a trap.
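As an added example (not from the article or netsec.news), here is a small Python checker that applies the two checks this section describes to an HTML email body from a defender's side: it compares the host named in a link's visible text with the host the href actually points to, and flags links that go through a URL shortener or use a non-web scheme such as `javascript:`. The shortener list and the sample email (with reserved `.test` domains) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed set of well-known URL shorteners; Bitly is the one the article names.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Visible link text that itself looks like a URL or a bare domain name.
DOMAIN_RE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/?#]\S*)?$", re.I)

def host_of(url: str) -> str:
    """Lowercase hostname of a URL (leading 'www.' dropped), or '' if none."""
    host = (urlparse(url.strip()).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html: str) -> list:
    """Return (href, reason) for links whose real destination is hidden from the reader."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        scheme, target = urlparse(href.strip()).scheme.lower(), host_of(href)
        shown = host_of(text if text.lower().startswith("http") else "//" + text) if DOMAIN_RE.match(text) else ""
        if scheme not in ("http", "https"):  # e.g. javascript: links that hide where you go
            findings.append((href, f"non-web link scheme '{scheme or 'none'}'"))
        elif shown and shown != target:  # subdomain differences are flagged too (conservative)
            findings.append((href, f"text shows {shown} but link goes to {target}"))
        elif target in SHORTENER_HOSTS:
            findings.append((href, f"shortened via {target}, destination hidden"))
    return findings

# Constructed sample email body: one lookalike link, one shortened link, one honest link.
SAMPLE_EMAIL = """<p>Dear valued customer, there is a problem with your account.</p>
<a href="http://login.example-phish.test/verify">https://www.example-bank.test/login</a>
<a href="https://bit.ly/3abc">Review your statement</a>
<a href="https://www.example-bank.test/help">Help centre</a>"""
```

Running `suspicious_links(SAMPLE_EMAIL)` reports the first two links and leaves the honest help-centre link alone.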


Although plenty of security measures are applied when email is sent and received, spear phishers keep finding ways around those defences. Sometimes they render all or part of their message as an image, so text-based security filters cannot read its real purpose.

All of the above tricks mean it is easier than ever to fall for a phishing scam. One of the most straightforward ways to avoid being misdirected to a fake website is not to follow the link embedded in an email. Instead, if invited to log in to an account, search for the website in question in a new tab and log in through that site. If there is something wrong with your account, you will be informed on login. Furthermore, learning to recognise the signs of a fake email (such as being addressed as “our valued customer” instead of by your name or username) helps protect you against scams that have made it past the email filters.