Spear Phishing: Scam, Not Sport
A Public Service Guest Document
by Norton Symantec
The latest twist on phishing is spear phishing. No, it's not a sport,
it's a scam and you're the target. Spear phishing is an email that
appears to be from an individual or business that you know. But it
isn't. It's from the same criminal hackers who want your credit card
and bank account numbers, passwords, and the financial information on
your PC. Learn how to protect yourself.
Email from a "Friend"
The spear phisher thrives on familiarity. He knows your name, your
email address, and at least a little about you. The salutation on the
email message is likely to be personalized: "Hi Bob" instead of "Dear
Sir." The email may make reference to a "mutual friend." Or to a recent
online purchase you've made. Because the email seems to come from
someone you know, you may be less vigilant and give them the
information they ask for. And when it's a company you know asking for
urgent action, you may be tempted to act before thinking.
Using Your Web Presence Against You
How do you become a target of a spear phisher? From the information you
put on the Internet from your PC or smartphone. For example, they might
scan social networking sites, find your page, your email address, your
friends list, and a recent post by you telling friends about the cool
new camera you bought at an online retail site. Using that information,
a spear phisher could pose as a friend, send you an email, and ask you
for a password to your photo page. If you respond with the password,
they'll try that password and variations of it to access your account
on that online retail site you mentioned. If they find the right one,
they'll use it to run up a nice tab for you. Or the spear phisher might
use the same information to pose as somebody from the online retailer
and ask you to reset your password, or re-verify your credit card
number. If you do, he'll do you financial harm.
Keep Your Secrets Secret
How safe you and your information remain depends in part on you being
careful. Take a look at your online presence. How much information is
out there about you that could be pieced together to scam you? Your
name? Email address? Friends' names? Their email addresses? Are you on,
for example, any of the popular social networking sites? Take a look at
your posts. Anything there you don't want a scammer to know? Or have
you posted something on a friend's page that might reveal too much?
Passwords That Work
Think about your passwords. Do you use just one, or easy-to-figure-out
variations on just one? If you do either, you shouldn't, because you're
making it easy for a scammer to get access to your personal financial
information. Every password for every site you visit should be
different, really different. Random letters and numbers work best.
Change them frequently. Your Internet security software and operating
system can help you keep track of your passwords.
Patches, Updates, and Security Software
When you get notices from software vendors to update your software, do
it. Most operating system and browser updates include security patches.
Your name and email address may be all it takes for a hacker to slip
through a security hole into your system. And it almost goes without
saying, you should be protected by Internet security software, and it
should always be up to date.
If a "friend" emails and asks for a password or other information, call
or email (in a separate email) that friend to verify that they were
really the one who contacted you. The same goes for banks and businesses. First
of all, legitimate businesses won't email you asking for passwords or
account numbers. If you think the email might be real, call the bank or
business and ask. Or visit the official website. Most banks have an
email address to which you can forward suspicious emails for
And always remember: Don't give up too much personal information
online, because you never know who might use it against you. Or how.
- Norton Symantec Security Systems
Published on November 20th, 2015
The M+G+R Foundation