Thursday, October 1, 2015

Protect Yourself Against Spear Phishing

Here's a real spear phishing example

What is Spear Phishing?


Phishing emails are emails that try to fool you into clicking links or sharing confidential information, such as passwords and credit card numbers. Spear phishing goes one step further: the scammer contacts you directly by name, often via chat, instant message or over the phone. Spear phishing attacks frequently use icons and faked URLs that appear to be legitimate. Scammers pretend to be customer service reps or technicians, warning you about potential threats to your computer or bank accounts. Their goal is to make you act quickly, before you have a chance to critically evaluate the information you see.

Stop. Take a breath. Think. You have plenty of time, no matter how urgent the scammer makes it seem. And you have experts on your side who can help you: the ITS Help Desk.

Remember the three Cs: 


Consider what you're being asked to do. 

No bank or legitimate business will ask you to give confidential information in a chat session, in email or via instant message. No legitimate computer or software vendor will contact you with dire security warnings and then ask for your password - let alone ask you to enable their access to your computer.

Critically evaluate what you read, see and hear. 

Even if the icons and text look OK (say, the font is the same as Apple's, or you see a Microsoft logo), what information are you being given? Technical jargon about 'error codes' and 'UDP ports' is meant to confuse you. Harsh, repeated warnings about 'permanent damage' and 'serious hacking' are intended to scare you and make you act without thinking. Poor grammar, misspellings and vague details should raise red flags. See example above. If someone is speaking to you over the phone or audio, do you hear lots of background noise? Does the speaker's language or phrasing seem odd to you? Does the speaker get angry when you ask for details or confirmation? Chances are good you're being speared.

Call for an expert opinion and assistance. 

That's 651-696-6525, or email The ITS Help Desk staff stand ready to help you determine the validity (or otherwise) of warnings and confusing messages. If you are victimized by a spear phishing scam, don't hesitate to call us. We can help you contain the potential damage, change your passwords and rid your computer of malware. If you have questions about phishing or spear phishing, please check with us.

No comments:

Post a Comment