Spear phishing: Highly targeted scams
 You've probably heard of phishing scams: fraudulent e-mail messages or fake Web sites designed to steal your identity. Scam artists "phish" in an attempt to persuade millions of people to disclose sensitive information. For information on standard phishing scams, see Recognise phishing scams and fraudulent e-mails. What is a spear phishing scam?Spear phishing describes any highly targeted phishing attack. Spear phishers send e-mail that appears genuine to all the employees or members within a certain company, government agency, organisation, or group. The message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords. The truth is that the e-mail sender information has been faked or "spoofed." Whereas traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to a company's entire computer system. If you respond with a user name or password, or if you click links or open attachments in a spear phishing e-mail, pop-up window, or Web site, you might become a victim of identity theft and you might put your employer or group at risk. Spear phishing also describes scams that target people who use a certain product or Web site. Essentially, scam artists will use any information they can to personalise a phishing scam to as specific a group as possible. The good news is that you can help avoid spear phishing scams by using some of the same techniques you already use to help avoid standard phishing scams. 5 tips to help you avoid spear phishing scams
|
|
