Cybersecurity Step-by-step #8: Avoid Spear-phishing Scams


Your financial well-being is our highest priority, and one of our goals for 2018 is to walk you through the necessary steps to protect your online data. To make it more manageable, we are sending you one new action item every month. If you missed the previous steps, we have listed them below with a link to the detail so that you can easily catch up.

Step Eight: Avoid Spear-Phishing Scams

What is Spear-Phishing? You may have heard of the term “phishing,” which refers to online scams designed to obtain your personal information (click here for examples). “Spear-phishing” takes a more targeted approach (spearing one fish at a time): scammers use information they have already obtained to impersonate the people and businesses you trust, luring you into providing more sensitive information or access to your computer or financial assets. The following are spear-phishing examples [1]:

  • An email from an online store about a recent purchase. It might include a link to a login page where the scammer simply harvests your credentials.
  • An automated phone call or text message from your bank stating that your account may have been breached. It tells you to call a number or follow a link and provide information to confirm that you are the real account holder.
  • An email stating that your account has been deactivated or is about to expire and you need to click a link and provide credentials. Cases involving Apple and Netflix were recent sophisticated examples of this type of scam.
  • An email that requests donations to a religious group or charity associated with something in your personal life.

How to avoid Spear-Phishing:

  1. Be suspicious. If an email requests sensitive information or asks you to click on a link, be suspicious, even if it is from someone you know. Be even MORE suspicious when the communication includes upsetting or exciting statements that may be a ruse to distract you from clues you might otherwise notice.
  2. The best defense is to call and verify that the sender was the true author of the email. Instead of clicking on links, go to the website by typing the URL address directly into your browser.
  3. Never transfer or wire assets without verbal verification. Never. One favorite strategy of spear-phishers is to intercept fund transfers and substitute account numbers. Whenever you are transferring funds, double-check verbally that you are transferring the funds to the correct account.
  4. Follow our Cybersecurity Step-by-Step recommendations: If you take these steps to improve your cybersecurity, you will become a very difficult target to spear! To review the previous steps, visit our blog.



List of Previous Steps:

Step One: Place a freeze on your credit history at the top three credit agencies.

Step Two: Update the operating software on your computers, tablets and smartphones, and continue to update as new patches become available.

Step Three: File your tax returns as early as possible.

Step Four: Use unique passwords on every site (and try a password manager).

Step Five: Never (ever) email sensitive information and always insist on encryption.

Step Six: Avoid using public WiFi networks.

Step Seven: Monitor your financial activity.

[1] “What spear phishing is (with examples) and how can you avoid it,” Aimee O’Driscoll, Comparitech, May 29, 2018.