Spear phishing: when scammers know your personal information

This sophisticated new cyber scam is becoming increasingly common. Here’s how to avoid being harpooned by spear phishers.

Ruth Jackson

Updated on 9 December 2016

Phishing has long been a way for criminals to con people into parting with personal details.

Now a new, more sophisticated con has been born – spear phishing – and it is catching out a lot of people.

Spear phishing is where you get an email that appears to come from an individual or business that you know personally.

The email may be addressed to you by name, or mention a mutual friend, or a recent purchase you have made.

But it is a con sent by criminals who have managed to find out some personal information about you, in order to make you more likely to fall for it and part with your credit card number or bank account details.

How they get your info

The criminals usually get their information about you from what you have posted online – either through your Facebook page, Twitter feed or other social media accounts.

For example, the fraudster may scan social media for your email address, friend list, and a recent post about the new camera you bought from an online retailer.

They will then email you posing as one of your friends and ask for your password for a photo site so they can see your new pictures.

If you respond with your password, they’ll try to see if that password gets them into your account with the online retailer. If it does, they’ll start spending your cash.

Or, they might email you pretending to be from the retailer asking you to reset your password or reconfirm your credit card details.

How to stay safe

The first step is to take a look at your social media accounts and reassess your privacy settings.

Who can read what you post, or see your friend list? Change your settings so only friends, or people you approve, can see your accounts. And think twice about what you post in future.

Now take a look at your passwords.

Try to avoid using the same password for numerous accounts – that will stop spear phishers from being able to find out one password then use it to access lots of other accounts where they can spend your money, or empty your bank accounts.

Really, you should have different passwords – and I mean substantially different, not just alternating numbers at the end of the same word – for all your online accounts.

Also, keep your computer’s anti-virus software up to date.

Some spear phishing emails contain malware, or direct you to a website or link that downloads Trojan horses onto your computer. These allow the hacker to monitor your keystrokes so they can get your passwords and personal info.

Your security software can help protect you from malware, but only if you keep it up to date.

Finally, double check before handing out passwords or other personal info requested in emails, even if it seems to come from a person or company you trust.

Call them, or send a separate email, to check they are genuinely contacting you for that information.
