You think it’s your bank calling, you answer the phone, and someone introduces himself as a bank official. The caller claims that the bank needs to verify a transaction on your debit card and even confirms some of your personal details, like your full name and the last 4 digits of your social security number. As a result, you unwittingly reveal some of your sensitive information.
You don’t stop to check your bank account because after all, the bank has all your details and they just want you to verify. Right?
Wrong! You’ve just fallen victim to one of the most notorious scams in recent history – spear phishing scams.
What Is A Phishing Scam?
Phishing, in general, refers to an act of sending messages to targeted people in order to trick them into revealing certain sensitive information. Most phishing attempts are general and target a large group of people who are likely to be potential victims.
The scammers use a fake narrative or impersonate a trusted person or legitimate company in order to gain your trust and steal confidential information from you. They can also use the sensitive information to infiltrate your networks.
General phishing scams are often conducted in the form of emails that are sent to many people at once and appear to come from a trusted source.
A few subtle hints to look out for to identify phishing emails include:
- Emails that are impersonal
- Emails that contain lots of spelling errors
- Emails sent in bulk
- Emails without domain names
- Emails with unsolicited attachments
Unfortunately, most people are not quick to identify emails with malicious intent.
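The hints listed above can be checked mechanically as a first-pass triage. The following Python sketch is an added example, not part of the original article: the sample message is constructed, the function name, greeting pattern and bulk threshold are assumptions, and the spelling-error hint is left out because it needs a dictionary.

```python
import email
import re
from email import policy

# Constructed sample message for illustration; not a real email.
SAMPLE = """\
From: "Bank Support" <support>
To: a@example.com, b@example.com, c@example.com, d@example.com, e@example.com, f@example.com
Subject: Verify your transaction
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Dear customer, please open the attached form and confirm your card details.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="form.zip"

constructed-placeholder-bytes
--XX--
"""

# Assumed pattern for an impersonal salutation at the start of a line.
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(valued\s+)?(customer|user|client|member|sir|madam)\b",
    re.I | re.M)
BULK_THRESHOLD = 5  # assumed cut-off for "sent in bulk"; tune for your mail flow

def phishing_hints(raw: str) -> list[str]:
    """Return which of the article's hints a raw RFC 5322 message shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    hints = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and GENERIC_GREETING.search(body.get_content()):
        hints.append("impersonal greeting")
    recipients = [a for h in ("To", "Cc") if msg[h] for a in msg[h].addresses]
    if len(recipients) >= BULK_THRESHOLD:
        hints.append("bulk recipients")
    sender = msg["From"].addresses if msg["From"] else ()
    if not sender or not sender[0].domain:
        hints.append("sender has no domain")
    if any(True for _ in msg.iter_attachments()):
        hints.append("attachment present")
    return hints

if __name__ == "__main__":
    print(phishing_hints(SAMPLE))
```

A message that trips several hints deserves a closer look; a clean result does not prove a message is safe, since spear phishing is written to avoid exactly these signs.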
The Difference Between Phishing And Spear Phishing
Spear phishing, on the other hand, is a more focused approach to scamming victims. The scammer targets an individual or specific people who have a common interest, like employees in the same department. When phishing targets high-ranking individuals in an organization such as CEOs, CFOs or other company executives, it is known as whaling. The scammer then refines the message to increase the chances of getting a hit.
The scammer can even go ahead and fake the caller ID in order to trick you into thinking the call is from someone you know and trust. This is known as caller ID spoofing. Unlike general phishing, which casts a wide net across many potential targets, spear phishing is directed at specific targets, so very refined language is used to gain the trust of the victim. For this reason, spear phishing can be more challenging to detect, as the target assumes they are speaking to a source that they’re familiar with.
How To Avoid Phishing Scams
- Don’t share confidential information on calls, texts or emails, even if the caller ID appears to be from someone or a company you trust.
- Don’t be quick to respond to calls requesting sensitive information.
- Don’t trust someone who shares some of your personal information. Scammers always have a way of getting your sensitive information to gain your trust so you can share even more.
- Report immediately if you gave scammers your sensitive information. Report any encounters with scammers even if you did not share any confidential information as this will help to further investigations and shut them down.
In both phishing and spear phishing scams, the end goals are the same – the attacker provides information about the target to gain trust and convince them to share some confidential or protected information. The specific approach used by the attacker varies from situation to situation.