Phishing, Spear Phishing and related scams
The same is true of humans, and whilst we don’t live in the sea, cyber-criminals come fishing for us every day. Just like in the sea, you can go trawling and pick up all sorts in your net pretty randomly; or you can stand in the shallows and pick off individual fish with your spear. Computer bods have changed the names a bit with a snazzy “Ph”, but the principle is just the same.
Phishing is a scam in which an Internet user is deceived by an e-mail message into revealing personal or confidential information, which the scammer can use illicitly to get money or sell on to third parties. The email appears to come from any number of ‘genuine’ sources like banks, building societies, couriers and large on-line retailers such as Amazon & John Lewis, and asks you to log in to verify your details … don’t! You get an email with an attachment that you were not expecting but that is perfectly plausible … always be suspicious. Or you get a similar email with a link to ‘view’ a document or invoice … don’t. This is just spam email and you should just delete it. It doesn't mean that your email has been hacked, simply that your email address has been harvested by some virus on somebody else's computer, and you can expect to get more in the future. Exercise caution!
Spear Phishing is a much more targeted attempt to steal sensitive information such as account details or financial information from a specific victim or company, often for malicious reasons. This is achieved by acquiring personal details on the victim such as their friends, home town, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy friend or company to acquire sensitive information, typically through email. This is the most successful form of acquiring confidential information on the internet. If you ever get a begging email purporting to be from a friend in trouble, you can be certain it's not genuine … if they were in real trouble, they’d ring you!
And lastly there is Smishing (SMS Phishing), where victims have reported receiving text messages, purporting to be from their banks, advising them that new direct debits have been set up. The messages ask victims to contact the bank on a number provided if these haven’t been authorised. When the victim contacts the “bank” they are asked to provide personal details. Fraudsters then take control of the account and send payments to themselves on-line. You should always call your bank using a number from a bank statement or a verified source, not a text message. Scam text messages can take any form, and are not always from banks; texts are very convincing as they use the victim’s full name and can contain clickable links that take you through to a fake website, where you are asked to enter your username and password. Always enable two-factor authentication on your account for better protection where possible.
As always, if in doubt, DON’T, but you know where to come if you need help.
Added: 6th February 2018