Phishing scams have a dark new iteration
We like to keep our readers apprised of the latest scams, and a new one has recently come to our attention. We've written before about phishing scams, which try to gain access to your usernames, passwords, or credit card information via email by pretending to be a trusted resource. Common phishing scams include emails purporting to be from eBay, PayPal, your bank, or your credit card company. These missives tell you that your account was compromised or must be updated. Then, when you log in by clicking a link in the email, the scammers record your username and password and use them to steal your identity, drain your accounts or make unauthorized charges.
The whole basis of a phishing scam is to masquerade as a person or company you can trust. The latest iteration of this scam, called spear phishing, is even more devious and enticing. Norton Security describes it this way: “The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you.” Spear phishing is a scam by the same old fraudsters that were sending out eBay and Bank of America emails, but now they've upped their game. They build a profile of you and use it to lull you more effectively into a false sense of security.
And where are they getting the information to perpetrate the scam? It's all from you! Most everyone has a significant web presence these days and some more than others. Whether it's Facebook, Twitter, dating sites or other social media, there is a wealth of information floating around about you. If someone took the time to scour the internet for information about you, they could quickly build a pretty accurate profile of your interests, where you live, your contact information and more. Even comments you leave on Facebook and blog sites can help feed this beast.
If you complain about a specific bank, mortgage lender or credit card company in a Tweet or Facebook post, that helps them build their profile. The information you put out on the web to share with your friends can become a resource for potential scammers. Unlike other forms of random or widespread hacking, spear phishing is very targeted. The goal is to create an email message that speaks to you in a personal way and encourages your trust to get you to click on a link. It can be from a trusted company, one of your online friends, your boss or a coworker.
The malicious file may arrive as a web link or a direct download link, or the email may include a Dropbox file that bills itself as a work file, software update or vacation photos from a friend. Once you click, malware (malicious software) is downloaded to your computer and can cause untold damage. Malware can be tricky to remove because the most recent sophisticated versions include code that shuts down or evades your security software or anti-virus program.
Here's our advice to avoid falling prey to a spear phishing scam:
#1 Review your web presence. Google yourself and see what turns up. You may be surprised. Your LinkedIn profile will show where you work, and that's okay, but you may want to make it as private as possible. Combine this with your Facebook and Twitter, and it's easy to find out lots of private info. Check out all your social media sites and clean off any mentions of your financial companies, credit cards, things you're purchasing or refinancing and anything to do with your money, job or sensitive info. If you have a security clearance, this is especially important. Be sure also to check what you posted on other people's pages. Go back and delete anything that can fuel a phishing scam.
#2 Get serious about your passwords. Most of us are pretty lazy about our passwords. We use the same ones across multiple sites and don't change them frequently. Why? It's hard to remember them all, and most of us have tens or even hundreds of websites we regularly or periodically use that require a password. To allow you to use more sophisticated passwords without overloading your brain, try a service like LastPass. It records your passwords with deep encryption, so the only password you need to remember is the one to launch LastPass. Then it will auto-fill your web passwords for you. If you use a program like this, be sure to choose a strong password and change it every couple of months just to be safe.
#3 Keep your software updated. None of us like to get that message that our computer or software needs an update, because that means you have to close your applications and sit through a long installation and reboot. The same goes for your software, apps and security programs. You get the pop-up that you need to update, but most of us click “later,” keep going, and don't go back to it. You should always do these updates as requested to best protect yourself from viruses, malware, and other Internet nasties.
#4 Be smart about links. If you get an email asking you to reset a password or click a link, or any message you were not otherwise expecting, don't click it. Once you do, it can't be undone. Most companies will not contact you this way and ask you to enter password or account information. If you do get an email and are unsure whether it's authentic, there are a couple of things you can do to vet it. If it's a message from your bank or credit card, just call them.
Do not use a number provided in the questionable email – that's likely part of the scam. Call your bank at the contact number listed on its website, tell them what's going on, and ask if the message is legitimate. If you get a file or link from a friend you weren't expecting, call or text them to ask if they know what it is. Don't assume that an email is probably benign – that can be disastrous.
If you have been taken advantage of in a scam, contact the North Carolina Department of Justice to report the incident.
If you're struggling with debt and looking for a financial fresh start, contact the law offices of John T Orcutt to find out how a well-timed North Carolina bankruptcy can help you. Call +1-919-646-2654 for a free consultation and be sure to ask about zero-down bankruptcy.