Spearphishing

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

 

In the past month, I have had one spearphishing attempt by email and one by phone (where they actually left a voice mail.) I have found that most phone spammers will not leave a voicemail.

The email was clumsily fashioned as an inquiry from one of my credit card providers saying that someone had attempted to use my credit card from an unrecognized device.  They offered a button on the email if I felt such an attempt had occurred.  Since I have heard from this credit card provider many times for just such an event (usually me from a different computer or tablet),  I knew that the font in the email was wrong as well as the language in the email.  Plus this credit card company has never offered a button within an email.

The phone call was equally suspect.  The caller on the voice mail never identified which company they represented, they used a local non 1-800 number, and they were vague about using Apple devices without knowing which Apple devices I do or do not use.

So far, this has only required a bit of commonsense and not responding immediately to an email or voicemail.

Both my father in law and my stepmother have or  had dementia.  This inability to pause before responding to a voicemail or an email is an early sign of dementia

I am not vain enough to say that I will never be caught by a spearfisher or even fake news, but pausing  to see:

  • Does this pass the commonsense test
  • Do I know this person or provider
  • If I do know this  person or provider, does it resemble normal communications
  • For email, has my malware and security systems vetted  the email
  • Am I able to vet  the information from a second source or by checking with  Snopes or another urban legend source
  • Does the URL match the actual organization link or is the logo authentic

Can make a difference in taking the bait and getting hooked or not.