Spear phishing has been in the news lately thanks to the indictment of 12 Russian actors, but what is “spear phishing” anyway?
A “phishing” email is a mass email sent by someone pretending to be someone they are not, maybe a bank (“This is Wells Fargo – we need you to send us your login and password to verify who you are”), or just AOL or Google. These emails are usually widespread and simply try to see who responds.
“Spear phishing” is more targeted. The hacker or perpetrator will check out your website to see who is the boss and who is the financial person, then check out their Facebook and LinkedIn accounts to gather as much information as they can. Then they will send a fake email to an underling, made to look like it is from their boss, asking them to wire money ASAP. Or they will ask you to verify your email password, saying they are from “IT.”
These attacks are very hard to identify. We have seen them appear to come from the exact domain of the user, but if you look at the tracking information behind the scenes (which most users would not know how to do, or need to know how to do), the email actually came from some compromised account.
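The “tracking behind the scenes” lives in the message headers. The script below is an added example, not part of the original article: it compares the visible From domain with the Return-Path and Reply-To domains and reads the receiving server's SPF/DKIM/DMARC verdicts. The sample message, its domains and addresses, and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email): the visible From uses the company's
# own domain, but the hidden headers point somewhere else.
SAMPLE = """\
Return-Path: <billing@compromised-host.example>
Received: from mail.compromised-host.example (mail.compromised-host.example [203.0.113.7])
\tby mx.company.example; Mon, 16 Jul 2018 09:12:44 -0400
Authentication-Results: mx.company.example;
\tspf=fail smtp.mailfrom=compromised-host.example;
\tdkim=none; dmarc=fail header.from=company.example
From: "The Boss" <boss@company.example>
Reply-To: "The Boss" <boss.company@freemail.example>
To: clerk@company.example
Subject: Wire transfer needed ASAP

Please send the wire today.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_headers(raw_message):
    """Return a list of warnings about where the message really came from."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    warnings = []
    # Envelope sender and reply address should normally match the From domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving mail server;
    # any verdict other than "pass" is flagged for a closer look.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for method in ("spf", "dkim", "dmarc"):
        for token in results.replace(";", " ").split():
            if token.startswith(method + "=") and token != method + "=pass":
                warnings.append(f"{token} reported by receiving server")
    return warnings

if __name__ == "__main__":
    for warning in check_headers(SAMPLE):
        print("WARNING:", warning)
```

A mismatch or a non-pass result is a reason to confirm the request through another channel, not proof of fraud on its own. Only trust Authentication-Results lines added by your own mail server, since a sender can insert fake ones.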
What Can You Do?
The first step is to have all the prevention you can afford. At the very minimum, have an up-to-date virus scanner. And we don’t mean Windows Defender. Have a paid subscription to a legitimate anti-virus product. We recommend Webroot. Second, have a firewall. Especially if you are a business, small or not, you HAVE to have a proper firewall.
Thirdly, it comes down to the user. Be smart. Does your boss regularly ask you to send wire transfers? Or wire transfers to random overseas accounts? Pick up the phone and call your boss to confirm. Your boss will never chastise you for being too careful.