What Is 'Spear-Phishing'? 3 Tips to Stay Safe - Law and Daily Life
Law & Daily Life - The FindLaw Life, Family and Workplace Law Blog

What Is 'Spear-Phishing'? 3 Tips to Stay Safe

The New York Stock Exchange took a brief plunge Tuesday, when the @AP account was hacked in the latest "spear-phishing" attack.

A malicious email masquerading as correspondence from a co-worker was all it took for Associated Press employees to click on a link that somehow gave hackers access to the AP's sensitive account information, Slate reports.

While major corporations struggle to stay ahead of hackers, there are a few ways consumers can protect themselves from spear-phishing.

What Is Spear-Phishing?

Spear-phishing is the more precise and far more sophisticated cousin of phishing, a hacking attack in which spam emails are sent to the general public with generic invitations to click links containing malicious code.

By contrast, a spear-fishing attempt hones in on a specific type of consumer or an employee at a specific company. Spear-phishing emails often use personal details stripped from other accounts familiar to the recipient to make them appear more genuine, The Atlantic explains.

You can avoid becoming a victim of spear-phishing by following these tips:

1. Look for Telltale Signs.

When an unsolicited email hits your inbox, check for these signs that the email is actually a spear-phishing attempt:

  • A suspicious email address. The sender's name might be someone you recognize, but the email address may be unfamiliar or strange.
  • No subject line, or a very vague subject line. Friends and family may be brief in sending you a YouTube link or a news story, but spear-phishing emails often use generic subject lines or body text like "found something cool" or "check this out!"
  • A request for personal information. You should never ever give out your personal information (credit card, SSN, account information, etc.) over email, as legitimate companies will never ask you to do this, according to Mashable.

2. Stop Before You Click on Attachments or Links.

Links and attachments are the keys that hackers use to get viruses from your email into your computer. Do not be careless and click a link without thinking.

Even if the email claims that you have made a mistake on your tax returns and need to click a link to fix it -- as NextGov reports recently happened to 68,000 employees at a defense-contracting company -- stop.

3. Call and Confirm With the Sender.

Your mother may have actually sent you a .zip file called "family photos," but even if the email is sent from her address with "familyphotos.zip" as the attachment, you may still want to call to confirm that she sent it.

Spear-phishing emails often purport to be from trusted friends and relatives. Confirm your unexpected emails with links and attachments by contacting the supposed sender via phone or another email account.

Related Resources: