Hackers use ‘SpearPhishing’ to get your data

RALEIGH, N.C. (WNCN) – There’s a rising cyber threat you need to know about – it’s called SpearPhishing.

Cyber experts say it’s being used more and more by hackers to get your data.

Phishing is when hackers send you a generic fake email hoping to pull out anything of value that might help them steal from you. Sometimes it fails, sometimes they hit big time.

But scammers are getting more sophisticated, engaging in social engineering to target you with laser precision using SpearPhishing techniques. That means they use very specific personal details to tailor emails, text messages, or phone calls to their victims. Social media is fertile ground for SpearPhishers.

A study by the cyber security company Proofpoint found social media-based phishing attacks jumped a whopping 500 percent in the last quarter of 2016, and the number of attacks continues to grow in 2017.

Recent data breaches, like the ones at Equifax and Anthem, where thousands of social security and credit card numbers were stolen, also add to the spear phishers’ arsenal of personal information they can obtain to trick you.

Experts say SpearPhishing works because it’s highly believable.

CBS North Carolina asked Raleigh resident D.J. Johnson whether, if he got an email or text with specific information about his dog, his child or some other personal detail, he would be inclined to believe it.

He said yes, “because it’s personal stuff that I know.”

So how do you defend against spear phishing? Experts say SpearPhishers still rely on some standard social engineering tricks.

  • Be skeptical of requests that imply extreme urgency. (Scammers often want quick responses, warning of dire consequences if ignored.)
  • Don’t trust caller ID. (It can be faked to show anything.)
  • If a scammer makes a demand, tell them to send you that request via U.S. mail. (Scammers won’t do that because they want a quick, electronic hit.)

You should also limit the amount of personal information you put on social media.

The more details about your life you put out there, the bigger target you become.

SpearPhishing isn’t just limited to individuals.

Large corporations can also be victims when employees get fake emails purporting to be from the firm’s IT people asking them to change passwords or confirm other sensitive information.


Trend Micro research paper on SpearPhishing

Listings of the latest phishing attacks and techniques for 2017

Proofpoint article on SpearPhishing attacks aimed at companies

