We have written about phishing before. There is also something called spear phishing. This is many times more effective than regular phishing. Research shows that victims open spear phishing mails more quickly than phishing mails. UT students and employees also have to deal with this. But what is spear phishing?
How does spear phishing work?
In spear phishing, the fraudster specifically targets an individual, organization or company. Using inside information (for example, by reading the organization's website, social media and news articles), the scammer sends an email message that is highly personalized. The email usually contains a link that lures the victim to a website to leave personal information or asks them to download a file that causes a malicious piece of software to be installed. In some cases, a victim is also additionally contacted by phone. The goal is to extract data for malicious purposes.
How to prevent scams via spear phishing?
Spear phishing works effectively because the emails are more credible. They look like normal emails, the content of the email is usually not immediately suspicious and often even correct in the context of the recipient's job or work. They often appear to come from people and organizations we know and trust. Take the following steps to avoid this:
- Verify sender and URLs; check for spelling errors or linger over a link to reveal the real URL
- Check the content of the email; if the tone or writing style does not match what you expect from the sender, contact the person in person to verify that he is who he says he is;
- Share cautiously; scammers use information on social media, from phone calls or from publications, for example.
- When in doubt, contact the person who he says he is and/or CERT-UT
Follow the training
Spear phishing is much more effective than phishing emails. Given the success rate, it is being used more and more. Because technical security alone is not enough and the damage can be great we would like to inform you more about this. Soon you will receive an invitation to attend a training session. After 10 minutes of your time our data, yours and your colleagues will be better protected!
