Spear Phishing: The New Form of Cyber Fraud You Should Know About
“With everyone spending more time at home on their computers, I’ve heard that online scammers have gone into overdrive. What are some of the different fraudulent tactics that I should be aware of?”
Dear Cautious Behind the Computer,
You are right to be vigilant and careful while using the internet! Amidst this pandemic, we are spending more time at home on the internet and with the rise of social media use, online banking, and online shopping, people are posting and inputting more personal information and data to the web than ever before. This is a dream-come-true for scammers, who can hack websites, retrieve your personal information, and create a very convincing targeted attack tailored specifically to you.
This new type of attack is referred to as “spear-phishing”, because unlike the generic phone or email scams that we’ve all learned to ignore (often referred to as “phishing”), spear-phishers do not cast such a wide net—instead, they aim to defraud specific individuals. According to the AARP,
“Spear-phishers research individuals and craft personalized messages that appear to come from trusted sources, which helps them bypass traditional email security features like spam filters...you may get what looks like an email, text, or social media message from a friend, a relative, a coworker or a company you do business with. Clicking the link or downloading the file infects your device with malware or spyware that steals your passwords, peruses your files or tracks your every keystroke.”
Tips for Protecting Yourself Against Spear-Phishing
Don’t share personal updates on Facebook. Scammers can learn a lot about you from what you’re posting on social media. In addition to not posting personal information, narrow who can view your posts, and don’t post real-time updates about your location.
Be cautious with emails that contain links or attachments. Only click on links and open attachments when you are 100% certain that it comes from a trusted source.
Check the email address itself—if it contains a slight misspelling of a familiar website or company, it could be something fishy. For instance, a common spear-phishing scam targets homeowners by pretending to be your mortgage company notifying you that your loan has been sold. They provide you the link to the new lender’s website, and request that you make your payments there going forward.
Do not accept a friend request on Facebook from someone you don’t know. Once they’ve been accepted as a friend, scammers will have access to all of your posts, and they can see who you are friends with.
Never respond to an email request for sensitive information, even if it appears legitimate. Scammers may disguise themselves as one of your close friends or relatives and ask for money or account passwords.
Try not to include a lot of personal information in obituaries, especially now that they are often posted online. Scammers may try to target vulnerable widows, widowers, and other family members if they know their names and other personal information, making obituaries prime sources of data for them.
Don’t fill out lots of surveys. Survey companies sell this data, and criminals can learn a lot about you from your responses, such as what car you drive, what hotel you stayed at, what stores you shopped at, etc.
Don’t enter contests or mail in warranty cards. These are both potential sources of personal information for scammers.·
What to Do If You’ve Been Targeted by a Spear-Phishing Attack:
Report it to the FBI’s Internet Crime Complaint Center (IC3)
Report it to the Federal Trade Commission complaint center
To stay informed on frauds and scams, I recommend regularly checking the AARP Fraud Watch Network.