5 Tips to Spot Spear Phishing

Cyber Security
Written by: Karl Peterson, SVP, Chief Information Security Officer

Phishing emails used to be easy to spot, quickly revealed by typos, fuzzy logos or strange sender addresses. But today’s cyberthieves have upped their game with more sophisticated scams like spear phishing, which use personal details to gain your trust – and defraud you with greater ease. Phishing attempts are one of the biggest email-based cyber threats. And with impersonation attacks like spear phishing on the rise, it’s never been more important to know how to identify – and avoid – these email-based threats.

How does spear phishing work?

Spear phishers target you by gathering personal information like your job title, family or coworker names or where you bank. Then, they customize email or text messages so they sound like they come from people or companies you know and trust. Opening one of these emails isn’t the biggest threat. The real danger is clicking links, opening attachments or doing anything else the sender asks, typically in an urgent tone.

Successful attacks can result in:

  • Malware being installed on your computer or device
  • Ransomware taking over your computer until ransom is paid
  • Loss of critical and/or confidential information
  • Credentials being stolen

Some examples of spear phishing include:

  • An urgent email from your boss asks you to review an attachment or link.
  • An email from your bank alerts you to potentially fraudulent activity on your debit card and asks you to confirm your identity by entering personal information, like your Social Security number.
  • A text message from a delivery service notifies you that your parcel can’t be delivered unless you “verify” your credit card or other personal information.

Ways to outsmart spear phishers:

Verify email addresses
If an email looks suspicious, or is unexpected, look at the sender’s address by hovering your cursor over it or tapping it on a mobile device. Look for clues that it’s not the legitimate domain name, like misspellings, extra numbers or letters, or other oddities.
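
The same sender-address check can be automated. The sketch below is an added example, not part of the original article: the trusted domains and sample senders are constructed, and the two-edit threshold is an assumption.

```python
from email.utils import parseaddr

# Assumption: the domains you really deal with (constructed, reserved .example names).
TRUSTED = {"mybank.example", "parcel.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Return the domain of the real address, ignoring the display name."""
    _display, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def check_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Classify a From: header as 'trusted', 'suspicious' or 'unknown'."""
    domain = sender_domain(from_header)
    if not domain:
        return ("suspicious", "no sender address")
    for good in trusted:
        # Exact match, or a subdomain of a trusted domain.
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in trusted:
        # Trusted name used as a prefix of someone else's domain.
        if good in domain:
            return ("suspicious", f"trusted name {good} buried inside {domain}")
        # Misspelling, or an extra or swapped letter or number.
        if edit_distance(domain, good) <= max_distance:
            return ("suspicious", f"{domain} is a near-miss of {good}")
    return ("unknown", domain)

if __name__ == "__main__":
    samples = [  # constructed From: headers
        '"My Bank" <alerts@mybank.example>',
        '"My Bank" <alerts@myb4nk.example>',
        '"My Bank" <alerts@mybank.example.verify-login.test>',
        "friend@unrelated.test",
    ]
    for header in samples:
        print(header, "->", check_sender(header))
```

An "unknown" result only means the domain is not on your list; it says nothing about whether the message is safe.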

Be careful where you click
Don’t open links or attachments you aren’t expecting. 

Confirm customer service phone numbers
If you get an email from a company you do business with and it’s instructing you to take an action, trust but verify before you do. The best way to do this is to look up the company’s contact information on their website or an old statement and use it to call them directly to verify the email is legitimate.

Beware of a sense of urgency
Scammers often count on respect for authority to get you to act quickly, which is why spear phishing emails often appear to be from your boss, bank or other trusted source. If you get an unexpected message asking you to take urgent action, it may be a spear phishing attempt.

Beef up your security 
Install software updates regularly, since they include security patches and anti-virus updates. If you haven’t already, consider enabling two-factor authentication, including biometrics (retina and fingerprint scans), to secure your accounts.

For more tips on staying safe online, visit our security and fraud prevention page.

And if you’re a Banner client, we’re always here to answer your questions related to fraud, identity theft and financial scams. Visit your local branch or call us at 800-272-9933.