How to Avoid a Spear-Phishing AttackAs we discussed in a previous article, phishing is an attack that uses disguised emails as weapons aimed at masses of people. However, spear-phishing is a targeted attempt to steal sensitive information from a specific victim, such as account credentials or financial information.
During a spear-phishing attack, the perpetrator attempts to acquire personal details on the victim’s friends, hometown, employer, hang-outs, and their recent online purchases. This is typically done by disguising themselves as a trustworthy friend or entity through email, social media, phone calls, or text messages.
Because spear-phishing is the most successful form of acquiring confidential information online, it is important to practice how to avoid an attack.
1. Beware what you post: Review your online profiles. How much personal information is available for potential attackers to view? If there is something you do not want the public to see, delete it, or ensure your privacy settings are properly configured.
2. Use smart passwords: It is not wise to use the password for every account you own. In this case, if an attacker has access to one account, they effectively have access to all of your accounts. Passwords with random phrases, letters, and numbers are secure.
3. Use logic with emails: If an organization sends you a link in an email requesting a specific action or sort of personal information, go directly to the organization’s site rather than clicking on the link. Calling the organization can also help clarify the issue. Real businesses will not email you asking for your username and password.
4. Update your software: Software systems include security updates that should help protect you from spear-phishing attacks, as well as others. If you receive notice of a new update, be sure to take advantage, or enable automatic updates.
To learn more about how you can protect your data or sensitive information, contact the experts at WesTec.
Trackback from your site.