Spear phishing is the latest version of phishing and it relies on familiarity. Spear phishing is an email that looks like it comes from an individual or business that you know. The criminal behind a spear phishing attack will do a thorough research about a victim, sometimes taking months of research to find relevant information he can use. They will search everything about their victim on the Internet and social media websites to find your page, email address, friends and all personal information they can gather. With this they will be able to compose a personalised email that will look like it comes from one of the victim’s friends about a subject of interest. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for.
In 2014 attackers sent on average 73 spear phishing emails per day.
If a “friend” emails you and asks for a password, to transfer money or for other information, call or email that friend to find out if they sent the message. Always check emails claiming to be from a bank or business asking for personal or financial information. If you think the email might be real, call the bank or business and ask or visit the official website. You can notify most banks of a suspicious email claiming to be from them by forwarding it to their dedicated email address which you can find on their website.
Find out how much information you can find about yourself by doing a search on Google, Bing, Yahoo and other search engines using your full name, address, email, hobbies, etc. If you’re using social network websites, take a look at your posts and profile and see if there’s something that you don’t want scammers to know. Don’t click links and download attachments just because the email seems to come from someone you trust. Make sure you choose difficult passwords for all your accounts and change them as soon as you think an account has been compromised.