Don’t Get Speared by this Phishing Scam
Let’s home in on one kind of phishing: spear phishing. Typical phishing scams use email made to appear as if it comes from a specific entity, such as the IRS, and send it to people to trick them into installing malware or revealing sensitive information to the attacker.
Spear phishing, on the other hand, doesn’t just target random people. It’s more focused: it targets a specific organization or person. These emails can be even more convincing, because the scammers gather information about the organization from social media to seem more in the know.
An example from data security firm Barracuda is an email appearing to be from the company’s CEO, who is traveling abroad, claiming that their phone and wallet have been stolen and asking the recipient to wire five thousand dollars to a specific account right away.
Spear phishers are on the Internal Revenue Service (IRS) Dirty Dozen list. One of the latest scams is an email appearing to come from the IRS or a tax preparation service, even with the IRS logo, informing the recipient that their account is on hold. The links in the email will either install malware on the recipient’s computer or send them to a bogus site asking for their login credentials.
How to Prevent Spear Phishing
Data security firm KnowBe4 recommends several ways to combat phishing and spear phishing:
- Check the “from” email address. Is it from a legitimate source?
- Hover your mouse over the links without clicking. You should be able to see where the links will go.
- Instead of clicking the link in an email, go directly to the official website to complete any transactional business.
- Don’t open attachments from unknown senders.
If in doubt, don’t click links in the email! Report it to your IT department or, if it spoofs the IRS, forward the email to firstname.lastname@example.org.