Spear Phishing: What it is and How to Handle it

The Internet is rife with an assortment of threats. Since the early days of spam and adware, malicious programs have been looking for ways to brick your system. Viruses, executables, and most recently phishing scams now form a network of problematic threats.

Phishing has become especially popular over the last few years. One method in particular called “spear phishing” is among the more dangerous and successful methods used by third parties to steal your information.

Spear phishing essentially works by trying to hijack your information through links, typically found in emails. While that sounds easy enough to spot, phishing scams and their related payload emails have gotten better at disguising their purpose. They cloak themselves with the dressings of a professional email, working to look as official as possible.

One such example would be spear phishing emails that look like they come from PayPal. Everything from the sender address to the logo to the email’s construction appears like the real thing. However, it’s the content that’s usually strange. The email claims there’s a problem with a person’s account, usually trying to get them to react quickly to a nonexistent problem. They might even claim the account has been compromised, providing a convenient link to “reset” their account information. What’s actually happening, however, is that nothing has changed, and entering the account info gives hackers direct access to that person’s PayPal.

On top of this, you might see an email from a “friend” or an address you recognize. The pattern here is that malicious third parties are trying to use familiarity against you. They rely on a lack of scrutiny and curiosity to make their move, and typically by the time a person realizes something is wrong, it’s too late.

So how do you deal with it? Essentially it’s a mix of practicing skepticism and adjusting how much personal information you make available. Social media exposes us in numerous ways, and that’s what the hackers look for: How many friends you have, places you work, and things you like. If you have too much information regarding accounts or official business items, you might want to consider cutting down.

As always, it’s important to practice lots of skepticism. Official emails don’t typically alert you to account problems without specifying exactly what they are. For example, if an unknown computer tried to log into your account, it’s likely you’d receive an alert for it. Emails that seem official but feel shady are worth avoiding. It’s better to avoid any email links and go straight to the account to see if something is actually wrong.

Above all, maintain a careful approach towards anything you don’t trust completely and always be on the lookout for suspicious-sounding emails.
