Crime Prevention Tip of the Week: Spear phishing scam
January 27, 2015
Steamboat residents have reported receiving emails from what appears to be legitimate businesses they associate with requesting personal information. These emails are known as "spear phishing" because the spear phisher thrives on familiarity and has already obtained some information about you.
Spear phishers usually know your name, email address and other personal information through other online sources.
The following is a brief synopsis of how Spear Phishing works:
The latest twist on phishing is spear phishing. No, it’s not a sport, it’s a scam, and you’re the target. Spear phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords and the financial information on your PC. Learn how to protect yourself.
Email from a “friend”
Recommended Stories For You
The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: “Hi Bob” instead of “Dear Sir.” The email may make reference to a “mutual friend.” Or to a recent online purchase you’ve made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it’s a company you know asking for urgent action, you may be tempted to act before thinking.
Using your web presence against you
How do you become a target of a spear phisher?
From the information you put on the Internet from your PC or smartphone. For example, they might scan social networking sites, find your page, your email address, your friends list and a recent post by you telling friends about the cool new camera you bought at an online retail site.
Using that information, a spear phisher could pose as a friend, send you an email and ask you for a password to your photo page. If you respond with the password, they’ll try that password and variations to try to access your account on that online retail site you mentioned. If they find the right one, they’ll use it to run up a nice tab for you.
Or the spear phisher might use the same information to pose as somebody from the online retailer and ask you to reset your password, or re-verify your credit card number. If you do, he’ll do you financial harm.