Spear-phishing refers to phishing messages or calls where the scammer knows specific information about you and uses it to target you in their scam.
This could be through a scam message that knows where you went to school, your date of birth or when you last went on holiday, for example.
Read on to discover what happened to Tali and how you can avoid being spear-phished.
Spear-phishing: how I was targeted
Tali Ramsey, Which? writer, says:To begin with, he only had my name. So he used this to look up my social media accounts and online presence.
He found two email addresses for me, as well as a website I’d completely forgotten about that I’d made in 2019 to showcase my freelance writing and film work – this became a goldmine for Jake.
He decided to impersonate a producer and reach out to me about working together.
Spear-phishing message
undefined
Posing as a real person
Jake posed as a media professional – and my quick Google search revealed this was a real person, making the message look even more convincing. The ‘producer’ expressed interest in the portfolio of creative work on my site.Jake said that if he was a real fraudster, he’d probably engage with me via a LinkedIn message or phone call.
How scammers get you to trust them
Here’s how Jake tried to scam me. Keep reading to find out how you can avoid getting caught out:
‘Dear Ms Ramsey’:‘AI can help the mental health crisis and as part of my research’:‘I have been reading about your work which looks a perfect fit’: ‘Best wishes, [name redacted] Media. LinkedIn’:‘We are working on a BBC Three documentary’:‘The short online Google form’: ‘Your background and writing style is incredible’:‘Ultimately we are looking for people to contribute to the programme’: ‘One of the team will ring you’:How do scammers create spear-phishing messages?
Sometimes scammers will send mass generic phishing messages as the starting point for spear-phishing.
Jake told us: ‘Fraudsters can use malware to gain information from a target device. Spyware and keyloggers are pieces of malicious software that reside on a phone, laptop or tablet and send personal and sensitive information back to the controller to learn about the victim.
'This could include passwords, banking details, even the contents of emails and can help build a victim profile further.’
So mass phishing messages can either spread malware to spy on you or get you to enter your details into a dodgy website, then use that data to target you with a more personalised spear-phishing scam.
4 ways you can avoid being spear-phished
Oversharing on social mediaFilling in data on dodgy websites:Not having antivirus installed: Speaking to scam callers:source https://www.which.co.uk/news/article/ways-you-can-avoid-being-victim-spear-phishing-scam-ahhtv4N215yL