Don't Get Hooked By Spear Phishing
Published, May 20, 2013
"Phishing" is a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization via email. "Spear phishing," however, takes this email threat to a new level.
Instead of sending thousands of emails at random, spear phishing targets select groups of people with something in common. For example, they may work at the same organization, bank at the same financial institution or attend the same college. The fraudulent emails are supposedly sent from organizations or individuals from whom potential victims would be familiar, which means the perpetrators already know specific information about the potential victims. Spear phishing emails may contain personal data such as a person's name, phone number, address or work-related information in order for cyber thieves to commit identity fraud.
To avoid becoming a spear phishing victim, take the following precautions:
- Most companies, banks, agencies and other legitimate businesses do not request personal information via email. If in doubt, contact the business, but do not use the phone number provided in the email.
- Never click a link embedded in an email. Enter the URL manually in a browser.
- Never open attachments from strangers.
- Tell friends and co-workers to notify you before they send an attachment. This will reduce your risk of becoming an identity theft victim.
- Never assume that because you know the address from which the email was sent that it is safe.
- Always monitor personal financial accounts and check credit reports.
The Navy Marine Corps Intranet email exchange servers have anti-spam filters to keep spear phishing to a minimum. However, when a suspected spear phishing message is received, send it with the word "SPAM" in the subject line, including the original header information, to:
NMCI_SPAM@navy.mil for Navy users, or
usmc_anti-spam@nmci.usmc.mil for Marine Corps users.
View more Fast Facts.