Spear phishing is a targeted email attack in which a hacker uses email to masquerade as someone the target knows and trusts.
This is often as simple as copying the name of a CEO from a company website and then sending an email using this name to anyone on the company’s corporate domain.
Spear phishing is the single most common (and effective) social engineering tactic. You’ve likely seen subject lines like these before and hopefully hit “delete” right away:
- "Notice of pending layoff: Click here to register for severance pay."
- "In an effort to cut costs, we’re sending this year’s W-2s electronically."
But hackers are getting more convincing and creative with email that, when opened, infects your machine. Here are a few security tactics to watch for…
- USING THE NEWS AGAINST YOU – Whatever’s getting attention in the news can be used as social engineering lures. For example, 2016 has seen a rise in the number of spam messages related to the presidential campaign.
- ABUSING FAITH IN SOCIAL NETWORKING SITES – Millions of people use social networking sites like Facebook and LinkedIn daily, so they develop a certain trust in them. Then, when an email says, “Your Facebook account is undergoing routine maintenance, please click to update your information,” you don’t think twice before you click.