Spear-Phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Spear-phishing attacks target a specific victim, and messages are modified to specifically address that victim, purportedly crafted as if coming from an entity that they are familiar with and containing personal information.
Spear-phishing requires more thought and time to achieve than phishing. Spear-phishing attackers try to obtain as much personal information about their victims as possible to make the emails that they send look legitimate and to increase their chance of fooling recipients.
To minimise the possibility of being a victim of such techniques:
- Use a spam filter which will block the majority of unsolicited emails from ever making it to your inbox;
- Always verify the email address of the sender – not just the sender’s name;
- If you receive an email from a person you know but the content of the email seems suspicious, do not reply. Contact that person separately;
- Do not open any attachments from senders you don’t know or are not expecting;
- Do not click any links before verifying where the link will take you;
- Never provide sensitive information on a website unless you are sure that the website is a legitimate one and has legitimate reasons to ask for such information;
- Train your staff in how to recognise common impersonation tactics.
- Make sure you are not redirected – i.e. you are unknowingly taken to a different website which has an identical design to the one you are expecting;
As part of the Cyber Security Malta, Tech.mt collaborates with the Malta Information Technology Agency (MITA) and the Malta Digital Innovation Authority (MDIA) to deliver educational video episodes about Security in the Digital Economy towards a safer future.