Email phishing scams have been around just about as long as email itself. The term email phishing refers to the act of maliciously sending a fake or fraudulent email in order to trick the receiver into visiting a malicious website, downloading a malware infected email attachment, or purposely giving up vital pieces of private information. The next generation of phishing attacks is referred to as spear phishing. This attack is similar to traditional phishing, except that the phishing email is only sent to people in a small, related group such as the management of a company. The email is typically tailored to appear genuine, but if the receiver opens the email, its attachments, or clicks its links, the attacker will achieve his/her aims.

How does a Traditional Phishing Scam Work?

A scammer or hacker normally conducts traditional phishing attacks by sending millions of email messages that appear to originate from legitimate senders such as banks, investment companies, and other valid stores or businesses. These emails attempt to convince the recipient to send personal information, social security numbers, passwords, and bank account numbers in response to apparently legitimate requests.

How do Spear Phishing Attacks Work?

A spear phishing attack is any targeted email phishing attack. Spammers and scammers have found that taking a bit more time to research targeted persons or organizations allows them to obtain more personal or financial information from persons in a given organization. These email messages are designed to seem like legitimate messages from friends, family, co-workers, or even network administrators in order to obtain passwords or other private information. The attacker spoofs/fakes the sending address to be from someone that the user knows/trusts. These attacks are typically designed to help the attackers gain access to that specific user’s information or company network, thereby posing a significantly greater risk than traditional phishing attacks.

How to Prevent Spear Phishing Attacks

Step 1 – Always run anti-spyware or anti-virus software that provides anti-phishing protection against malicious websites on computers.

Step 2 – Never send account log-in or password information in response to an email. All legitimate account administrators are trained to never ask for this information. Highly specialized spear phishing attacks also include phone calls or even in-person visits from those pretending to be technicians in order to solicit the personal information from the targeted person or company.

Step 3 – If an email appears suspicious, call the purported sender to verify the authenticity of the email before opening, responding, or clicking any links or attachments. When in doubt, do not open the email at all.

Step 4 – Do not click any email links that contain requests for personal information. This is a sign that the email could be a spear phishing attack.

Step 5 – Report all suspicious emails to the local administrator so that he/she can conduct further analysis and take protective measures if required.