What is a spear phishing scam

ou’ve probably heard of phishing scams: fraudulent e-mail messages or fake Web sites designed to steal your identity. Scam artists “phish” in an attempt to persuade millions of people to disclose sensitive information. For information on standard phishing scams, see Recognize phishing scams and fraudulent e-mails.

What is a spear phishing scam?

Spear phishing describes any highly targeted phishing attack. Spear phishers send e-mail that appears genuine to all the employees or members within a certain company, government agency, organization, or group.

Spear phishers often customize e-mails with information they’ve found on Web sites, blogs, or social networking sites like Facebook or MySpace. They also might create fake social networking login pages to lure people into sites where they’re used to entering personal information.

The message might look like it comes from your employer, or from a colleague who might plausibly send an e-mail message to everyone in the company, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.

The truth is that the e-mail sender information has been faked or “spoofed.” Where traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to a company’s entire computer system.

If you respond with a user name or password, or if you click links or open attachments in a spear phishing e-mail, pop-up window, or Web site, you might become a victim of identity theft and you might also put your employer or group at risk.

Spear phishing also describes scams that target people who use a certain product or Web site. Essentially, scam artists will use any information they can to personalize a phishing scam to as specific a group as possible.

The good news is that you can help avoid spear phishing scams by using some of the same techniques you already use to help avoid standard phishing scams.

More at Microsoft

Related posts:

1. Phishing and pharming
2. Phishers started baiting to target holiday shoppers
3. Gmail secure paypal and ebay users
4. Phishing and Online Fraud Undermine Customer Confidence
5. PhishTank vs. Anti-Phishing Working Group
6. Phishing Supply Chain–Part 2 of 2

Related posts brought to you by Yet Another Related Posts Plugin.