Spear phishing in regards to cyber security is a targeted form of phishing.
Phishing: Computer scammers sending enormous amounts of fake online messages to trick and scam the public.
Whereas phishing is used on large groups of people to steal information and money, spear phishing describes a focus effort to steal from a specific individual.
Spear phishing can also involve targeting an organization through a specific employee or small group of employees.
This involves trickery that is curtailed and specific to one individual.
What is Phishing?
Phishing is a confidence trick that involves a scammer sending messages to people in order to deceive them and gain sensitive information from them.
In the modern age, phishing communications are mostly digital with the majority of them being email messages.
Phishing can be used on mass amounts of individuals at once with generic messages, or can be spear phishing: specifically targeting individuals and organizations.
Spear Phishing
Spear phishing targets individuals. A spear phishing scammer will research a specific individual and trick them into giving up sensitive information that leads to the scammer gaining money from the victim.
This means the scammer will send messages to the victim that the victim is expecting.
The spear phisher will know what financial institution the victim banks with and could send messages that looks similar or exactly the same from that bank.
If the victim is known to be regularly paying invoices, the scammer will send an invoice that appears to be the one that the victim is expecting.
Spear Phishing: Cyber Security
Because spear phishing is sophisticated and targeted, detecting a sign of phishing becomes a lot more difficult. There are two good ways for a potential victim to practice cyber security and protect themselves from spear phishing:
Verify the message
Make separate contact
Verifying the Potential Spear Phishing Message
This involves the potential victim being vigilant with the source of the message.
If the message came in the form of an email, the email address needs to match exactly with the email address that is normally responded to.
A spear phisher will use a phishing email address the victim is familiar with, just with one letter or character different. This practice can be used with all forms of communication, such as websites and phone numbers.
Making Separate Contact
This involves the potential victim not responding to messages but rather making contact with the possible source on their own with contact information they know is reputable. This can go as far as an individual receiving a phone call from a possible organization they deal with and politely hanging up and phoning the organization themselves. This will insure that the correct contact method is used.
About the Author
Peter Sandru is an Instructor & Co-Founder of NDIL with over 15 years as a Professional Investigator. Peter has spent more than a decade conducting investigations and security operations throughout the world, primarily for corporations, law firms, and government agencies. Peter has assisted in the creation of numerous investigative & security training programs in various capacities.