If you have the knowledge about internet security, by now you should have heard about "Phishing". Have you ever received emails pretending to be either from your bank or Microsoft, asking you to send your password? If you happen to comply with their request, you are gone completely. Recently their tactics have changed, there is much more sophisticated version of this technique, called Spear Phishing. This is where an individual is the target of a very well-researched and personalized phishing campaign.
Even a seasoned internet user can be tricked by this scam. So in this article, we will help you to sport them, and ways you can avoid this email scam. But let's first consider how this spear phishing works.
Spare phishing exhibits a well-known pattern, the phishing often commenced by learning and researching about the company you worked for, the project you might be currently working on, etc. After gathering all this information about you, the next thing they will do is to forward a message to you that appears to come from someone you know very well. In the email, there will be a link to a file you are instructed to download, severally, the file will be hosted by services like Dropbox or Google Drive. Immediately you go to the page hosting the file, the first thing they will tell you is to send your credentials or enter your credentials. You have to be very careful because the site will be designed to look very realistic like a legitimate google or similar login page.
Have in mind that a scammer runs this page, once you inserted your username and password on the page, the information will be sent to the scammer directly instead of you being logged in. It can even work with Two-Factor Authentication. Immediately you enter your authenticating code, it will be forwarded to the scammer direct.
With that, the scammer now has the username and password to your google account. They can equally use this to access your account any time they feel like.
How To Avoid Spear Phishing.
The best thing you can do for yourself is to be very careful; don't trust much, because even an innocuous-sounding message from a trusted friend or colleague could turn out to be a phishing attack.
Whenever you receive an email, double and even triple check the sender's address. You need to be very careful to ascertain if the address is fake on not. Have in mind that not because the email comes from someone you know even with the personal signature, name, etc. makes the message authentic.
Be at alert to know if the sender makes the request so urgent especially if they are asking you to do something you usually would not.
The best way to defeat the phishing is to pick up your phone and call the real person you know, to confirm if truly he was the one that sent the mail. So if the request is genuine, it will only take a minute to confirm.
Watch out for files linked in emails, even something that you might assume would be safe like an Excel or Word file can hide malicious software. Be very careful if a linked file requires you to enable Macros, as this is a common way to install malware on your device.