In the last issue of Partners, Summer 2019, we dove into how to spot a phishing email. Most phishing emails contain the same indicators of compromise that help us determine the message is a phishing email. However, there is another type of phishing attack that is harder to detect – Targeted Phishing Attack, also known as a Spear Phish.
These types of messages contain information meaningful to the recipient. In some cases, these messages might contain an old password the phisher or ‘bad actor’ retrieved from breached websites, or personal information gleamed from social media sites like Facebook or Instagram. Using information that is relevant to us makes us more likely to open and take action on the phish.
The goal of these targeted attacks is the same as a normal phishing message, the bad actors want to compromise your personal information and gain hidden access to your computer.
These attacks can be more difficult to identify due to the very personalized information that they contain. Fortunately, targeted phishing emails have similar characteristics as normal phishing emails. Recognizing these tactics can help you identify the attacks:
- The email address might be slightly different than it should be, even just one character different
- The email might include a suspicious attachment.
- The email urges you to take immediate action.
- The email urges you to pay ransom, or else….
If you were not expecting the email, even if it may appear to be from someone familiar with you, or if the message is urging you to act or pay ransom, report the message as junk. If you believe your account(s) could be compromised, refer back to the Summer 2019 Tech Tip (available on the GreenStone website under ‘Partners’) for more details on updating your passwords and enabling two-factor authentication.
To view the article in the online 2019 Fall Partners Magazine, click here.