Chances are, we all have been targets of spear phishing, the latest twist on phishing scams. In a spear phishing scam, you receive an email that appears to be from a friend, colleague, a business that you're familiar with, or even a client. Except it isn't. It's actually from hackers who are looking for a way in to your computer, mobile device, home network, or the firm's network. The email may lead you to click on a link or an attachment contained in the email message, where you will be asked to provide a username and password or other personal information, or the hacker will have malware silently installed on your computer or device. Through such tactics, hackers can often gain extensive access to your home or the firm's network and access your personal information, confidential information of our clients, or other valuable data.
To help avoid falling prey to these spear phishing scams, follow the below tips should you receive any email that you suspect to be a spear phishing message.
- Never accept a request for a password in an email or telephone call that you have not initiated. If you think the email might be real, call the business and ask.
- Do not log onto a website via a link in an email or text message received on your mobile device.
- Pay attention to the link URL. Hover your mouse over the link to reveal the URL that the link points to. If it doesn't match what the link or email say it should, that's a red flag and you should not click on the link.
- Make sure your web browser is up to date with the latest security patches.
- Look closely at the sender's email address and double-check that it is from the organization referenced in the email. (For example, often spear phishers will use email addresses such as "customerservice@XYZInc" when the actual domain of XYZ Inc. is simply "XYZ" rather than "XYZInc." To find out the correct domain of the organization, you can simply do a search on Google or Yahoo!.