Spear Phishing

Spear Phishing – explained by Andy Poulton
The recently reported cyber attack on Gmail has been called a ‘Spear Phishing’ attack – but what is ‘Spear Phishing’?

First, we need to understand ‘phishing’.

We’ve all had them – the email that purports to be from a financial institution, claiming that your account will be frozen unless you verify your data. These emails contain a link to a web page that looks like the home page of the financial organisation in question, although in reality this page is a clone.

The intention is to trick you into trying to log on to ‘your account’. However, when you try to log in, all that happens is that you are linked across to another page, typically a cloned ‘Error’ page that then links to the real page of the financial institution, whilst your secure access data is emailed to the creator of the original email – et voila – they have access to your bank account.

A ‘Spear Phishing’ attack takes a regular phishing attack but, rather than sending the email out indiscriminately, the attacker chooses his targets with care and sends it only to specific individuals in whom he has an interest: members of governments, for example.

Make sure that you’re not a victim – just ignore all emails that purport to have come from a financial organisation requesting that you log in. These organisations have all agreed that they will never ask for this type of information in this way.

If you receive an email and believe it to be genuine, don’t click on any link. Either telephone your bank or go to their website by typing the web address into your browser, and log in to check the information that way.

 Andy Poulton