Gone spear phishing

Many times what connects us gets used against us. With so much of the world using email, it’s unfortunately become the weapon of choice for fraudsters. Last year, for instance, one in 131 emails contained nasty malware, the highest it’s been in five years.

Since this week is Cyber Smart Week, it’s time to shore up our defences.

Hopefully all of us by now are familiar with “phishing”, where the scammers cast their nets far and wide in the hope that someone they email will click a fake link or open a malicious attachment. They’re aiming to reel in our private details, like credit card numbers or passwords. Globally, phishing scams have been a bit in decline recently, so perhaps we are more on our guards and they’re becoming less effective.

Or they’re getting more sophisticated.

Heard of spear phishing?

That’s when phishing scams target a specific organisation, such as your business, bank or a familiar brand you use. Last year spear-phishing emails targeted more than 400 businesses every day, draining $3 billion over the last three years.

Imagine if you received a fake email from your bank asking for a transfer of funds or information. You’re more likely to consider the request to be legit.

Spear phishing can also happen to you while you’re working. These kinds of scam emails are typically sent during the work week, and often have subject lines like “Request”, “Payment” or “Urgent”.

These email scams deploy many of the same persuasion tactics that scammers typically use. “They’re using that sense of urgency to make us act,” explains the Commission for Financial Capability’s fraud expert Bronwyn Groot.

Another example of spear phishing can happen when you are working with a familiar brand like Google. When you’re prompted to login, you might not think twice about popping in your password. If you’re then redirected by the scammers somewhere else, you’re effectively handing over the keys to all your emails and contacts. Last year Google users were targeted and an estimated one million accounts were affected.

With spear phishing, that urgency is even more dialled up because it’s coming from your organisation, bank or your brand. But what if it’s coming from your boss?

Then there’s whaling.

“Whaling” is another kind of phishing that’s even more specific – the scam email is pretending to be from your boss or senior management. Here scammers are harnessing the power of authority to get us to act. When it’s a note from the CE, people tend to pay attention.

As is typical with scam emails, they tend to be short and to the point, often containing spelling errors that would usually raise a red flag. But when they’re paired with a sense of urgency, and they come directly from someone in power, we might explain those errors to ourselves as the boss simply being busy or in a rush. And that’s when we take the bait.

Take advantage of Cyber Smart Week to shore up your defences – and stay safe out there!