Spear phishing is a targeted email fraud in which the sender uses information about you to trick you into handing over money or trade secrets.
It is important to know how much information about you is on the web. This type of fraud usually happens when someone claims to know you through some social event, when they have really only read about it on your Facebook page or another social site.
This type of phishing can also happen when a person emails the victim claiming to be from the victim’s own company and asking for login details. They can only do this by learning specific details about your company and who you may answer to. So if you think that this information is readily found on the internet, be careful who you give information out to. It could be a phishing scam.
For the definitions of all things web, go to Webopedia.
There used to be a time when businesses would get a letter in the mail from some part of Africa, from someone claiming to be a dignitary or lawyer who needed the firm’s help. It would go on to ask permission, and for bank account numbers, so this person could deposit great sums of money into the firm’s account. For their trouble, the firm would be given a commission (a wonderfully high sum too) to keep. Of course it was a way to get access to a bank account and clear it out.
Technology has enabled this same scam and so many more to evolve to greater heights.
Beware of any scams that come under the following types:
Generic greetings – If you get an email from PayPal, for instance, telling you that your account has been compromised and that you should sign in, the sender will use a greeting like “Dear PayPal user”, or just “Dear user”. Companies such as PayPal know your first and last name and will always use it. Your bank will never send you emails like this. They will call you.
False sense of urgency – These are the emails that say that your account will be closed or blocked if you don’t click on their link right away. Don’t be fooled.
Fake links – These are the most important. A phishing email will have a link that looks legitimate, but it still may send you to a fraudulent website. If a company or bank that you deal with is the subject of an email, go to the regular website address you normally go to; don’t use the link in the email. Often the fraudulent site looks very similar and its web address is similar too, but the differences mean that you could be typing your user name and password (which is what they are after) into a site that is collecting them for fraudulent purposes.
If I get an email from PayPal or eBay about a security problem, I never ever sign in to my PayPal account from the link on the email I’ve received. According to experienced PayPal users, this is how 90% of PayPal accounts are hacked into.
The prefix https:// should always precede the domain address as well. The “s” stands for secure. If you don’t see the https, then the site is not secure and you should not enter any information.
If you do receive a phishing email that claims to be from PayPal, you can forward it to firstname.lastname@example.org. They are happy to have a list of these scams that hurt their business.
The best rule of thumb has always been the same.
“If it seems too good to be true, it probably is”
And for any unsolicited emails you get in your inbox, be very careful about who you reply to and which links you click on.