Whether you call it spear phishing, spear fishing, or spearphishing, it’s an email-based hack that’s targeted at you, where you work, or a group you belong to. And it masquerades as coming from someone you know and trust from your family, friends, workplace, or social group.
Spearphishing differs from regular phishing in that it focuses on a single, specific target for a single purpose.
You see, spearphishing takes advantage of your trust. It preys upon your willingness to be a good employee by seeming to be an important email from a person of importance (known or just puffed up, like “Senior Distributor of Information Technology”) who then requests sensitive information.
Information like your screen name, password, or sensitive financial data. Once the spearphisher gets a foothold with that kind of data, they can go even further by masquerading as YOU.
And then, they can make requests, engage internal company infrastructure, steal data, and generally wreak havoc like the evil twin in a bad soap opera.
A common tactic for the successful spearphisher is to send all the victim’s contacts a bogus email containing a bogus link. The supposition is that those who trust you will take the bait (or be jabbed by the spear) just like you did.
How can you combat these sharp, pointy e-spears? Start with the basics. Double check not just the person’s name in an email, but also the actual email address. Use a phishing filter in your browser or email program. Never directly click a link to a site; always manually enter the URL instead.
And always, yes always, try to be aware of the latest scams. (One great way is by subscribing to The Internet Patrol!) Spearphishing isn’t going anywhere soon. Most internet monitoring groups claim it’s exponentially on the rise.
Because, rest assured, the spearphisher is looking to do much more than “rickroll” you.
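The advice above to check the actual email address, not just the person’s name, can be automated. The following is an added example, not part of the original article; the address book, the sample messages, and the `check_sender` function are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display names you trust -> addresses they really use.
KNOWN_CONTACTS = {
    "alice example": {"alice@example.com"},
    "bob example": {"bob@example.org", "bob.example@example.com"},
}

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Classify the From header as 'known', 'mismatch', 'unknown' or 'unparseable'."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name = " ".join(name.lower().split())  # normalise case and spacing
    addr = addr.lower()
    if not addr:
        return "unparseable"
    # The display name is itself an address, but not the one the mail came from.
    if "@" in name and name != addr:
        return "mismatch"
    # A familiar name is only trusted together with one of its real addresses.
    if name in contacts:
        return "known" if addr in contacts[name] else "mismatch"
    # A bare, familiar address with no separate display name.
    known_addrs = set().union(*contacts.values())
    if addr in known_addrs and name in ("", addr):
        return "known"
    return "unknown"

# Constructed sample messages (reserved example/test domains only).
SAMPLES = [
    "From: Alice Example <alice@example.com>\nSubject: lunch\n\nhi",
    "From: Alice Example <alice.example@mail-example.test>\nSubject: urgent\n\nhi",
    'From: "alice@example.com" <billing@mail-example.test>\nSubject: invoice\n\nhi',
    "From: Newsletter <news@example.net>\nSubject: weekly\n\nhi",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw), "<-", raw.splitlines()[0])
```

A "mismatch" verdict is the case the article warns about: a name you trust attached to an address you have never seen that person use.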