Internet scams are an ever-present threat that no one is immune to. Scammers never miss a chance to attack both individuals and businesses, so you are always in danger of losing money, assets, and private information. Phishing scams started in the 90s and became a prominent issue at the beginning of the 2000s. While they are not new, these scams have become increasingly sophisticated and pose a serious threat to many businesses.
What is spear-phishing? Spear-phishing vs Phishing
"Spear-phishing" and "phishing" are often used interchangeably. They are, however, not exactly the same.
"Spear-phishing" is a highly targeted phishing method where cybercriminals (known as spear phishers) pretend to be trusted sources to convince victims to disclose confidential data, personal information, or other sensitive details. These criminals will then use the stolen information for malicious purposes, including identity theft or data breaches.
Spear-phishing content is highly personalised, which makes the deception extremely difficult to spot.
A "phishing" scam usually targets a large number of users by persuading them they are interacting with a trusted source. In other words, phishers attempt to attack as many victims as possible at once.
So why do these types of cyberattacks remain prevalent today?
Symantec's Internet Security Threat Report 2019 shows spear-phishing emails are used by almost two-thirds (65 per cent) of all known groups carrying out targeted cyberattacks. The report also indicates that 96 per cent of targeted attacks are carried out for intelligence gathering purposes.
Nevertheless, individuals (or "fish") are increasingly aware of the various tricks these scammers use, for instance the plethora of "Download Software Here" or "Click Here" buttons on insecure websites. People have been warned and are more cautious about suspicious websites and online apps.
Still, there is no shortage of people who have fallen victim to these tricks, because scammers are simply that good at pretending to be friends, bosses, family members, or anyone close to the victims.
Source: APWG, Comparitech
Tips/best practices for individuals and businesses to avoid being phished
1. Keep your private information private
To avoid spear phishing, you should not share any sensitive or private data online. Back up your important files to an external source so you will still have them if a cybercriminal steals your data. Be careful of unfamiliar sender names and strange links.
2. Beware of unexpected offers
Many business scams are perpetrated through telesales, letters, or emails. Thus, look for warning signs such as obvious mistakes, misspelt words, and grammatical errors. If you believe a promise is too good to be true, it often is. Such offers simply try to catch your attention and lure you into clicking something.
3. Don’t trust text messages (SMS), even when they are seemingly from your bank
Bank messages can also be faked. A fake message may ask you to access a URL to verify your account. Unfortunately, you can lose all your money if you access that URL and provide your credentials. Before making a decision, confirm the information with your bank or financial organisation.