
    What is spear phishing and how to protect yourself

    Who I am
    Aina Prat Blasi
    @ainapratblasi


    Have you ever received an email from the fictional "Nigerian prince" who has so many riches hidden somewhere but needs your help to recover them? By the way, this particular phishing scam is one of the longest-running Internet frauds, and the "prince" manages to earn more than € 700.000 every year.


    This is just one of the many examples of phishing attempts that hackers and other cybercriminals use when trying to obtain personal information or sensitive data from unsuspecting people. Phishing attacks are common, but there is a more targeted type known as Spear Phishing. We will explain what it is, how it works and how you can prevent such an attack.




    What is spear phishing?

    In general, phishing comes in various forms, such as fake social media messages or scam emails, each carrying a link to a bogus website laden with malicious code and other threats. The attacker's main purpose is to get you to click on the link and enter your details.

    Nowadays, however, phishing attempts are more sophisticated, as sites full of malware and other threats look and work almost the same as the real sites you normally visit. Spear phishing is one of these sophisticated, highly targeted attacks, aimed at specific companies or individuals.


    Attackers gather sensitive and personal information about their targets, which increases the chances of their plan's success. Yes, it is very easy for high-ranking individuals and executives of large corporations to fall victim to such attacks, thus giving access to the company's funds or network.



    How spear phishing works

    Spear phishing differs from other forms of phishing because, in this case, the offender already has some information about the target before the attack.

    Scammers act as trusted parties and trick you into sharing your personal or sensitive information with them. It's not that hard for someone to find out about you online, especially from social media.


    With your data in hand, for example, your residential or tax information or workplace details, the perpetrators will try to get you to trust them and see how far they can go with the scam.

    Because the information they use appears legitimate, you are more likely to download any attachments or click on any links they have sent you. Some of these links lead to fake sites that ask for a password or are full of malware and trackers.

    Others may ask you to send money or to enter your bank or credit card information or your Social Security number. When spear phishing crooks target individuals, they tend to pretend to be people you trust, telling you that you owe money, that you have unpaid dues or that your account will soon be closed or blocked. They may also make attractive offers to get you to download something.


    Spear phishing attacks against businesses are also highly targeted and usually target mailboxes. The scammer poses as a company manager and asks an employee to transfer some funds to the scammer's account.


    Sometimes, clicked links or downloaded attachments can open up your devices, giving attackers remote system access that helps them steal your information or disable your antivirus software altogether so you don't get threat alerts.


    How to protect yourself from spear phishing

    According to a study conducted by Intel, 97% of people cannot identify phishing emails - a huge number. Thankfully, there are a few steps you can take to protect yourself from spear phishing and related attempts, such as:

    • Watch what you post on the Internet. Check how much personal information you have posted on your social media pages and other public sites. You can also configure your privacy settings to limit what other people can see.
    • Update your software regularly, as updates come with security patches that help protect you and your devices from attacks. A good practice here is to enable automatic updates for software and apps you use regularly.
    • Click only on links that you know and ignore suspicious looking links or emails. Many spear phishing scammers mask link destinations using legitimate looking URLs on anchor texts, so you are tricked into clicking and downloading malware.
    • Use smart passwords. These can be variations of the passwords of the accounts you own, which keeps your accounts from all being attacked at once, as could happen if you used only one password for everything.
    • Check carefully all email addresses that claim to come from your "friend", "boss" or "colleague", especially those that ask you to submit personal data such as passwords or other information.
    • Use a VPN when using your devices in public places.
    • If you run a business or organization, have a data protection program in place that educates users on best practices and how to implement data protection to prevent data loss during such attacks. It is also advisable to have data loss prevention software to prevent unauthorized access to sensitive company data.

    To conclude

    Unlike the usual phishing attacks that play on your gullibility, spear phishing plays on your trust. We hope you now know what it is and how to protect yourself and your business from spear phishing attacks.


