Phishing (sounds like "fishing") is a social engineering attempt to get the targeted individual to disclose personal information such as user names, account numbers, passwords and other sensitive data. This is often done by setting up fake web sites that mimic the originals, or by sending emails that appear to come from corporations, banks, and customer support staff. Other forms of phishing attempt to get users to click on hyperlinks that allow malicious code to be installed on the target's computer without their knowledge. This malware is then used to remove data from the computer or to use the computer to attack others. Phishing is normally not targeted at specific users; it may go to everyone on a mailing list or everyone with a specific email address extension, for example all the users with the extension “@companyName.com”.
What is Spear Phishing?
Spear phishing is a type of phishing in which the target users are specifically identified. For example, the attacker may do research to find the email addresses of the Chief Executive Officer (CEO) of a company and other executives, and phish only these people. Spear phishers research their victims in detail in order to create a more genuine-looking message, as using information relevant or specific to a target increases the chances of the attack being successful.
How to get rid of this attack?
- It's easy for phishers to create fake websites that look like the genuine article, complete with the logo and other graphics of a trusted website.
- If you're not at all sure about a website, do not sign in. The safest thing to do is to close and then reopen your browser, clear your cache/history, and then type the URL into your browser's URL bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.
- Give a fake password. If you're not sure whether a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. So, just because your fake password is rejected, don't assume the site is legitimate.
- Use a Web browser with anti-phishing detection. Web browsers such as Internet Explorer and Mozilla Firefox have free add-ons (or "plug-ins") that can help you detect phishing sites.
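
The advice above about spoofed sites comes down to checking which host a link really leads to, so here is an added example (not part of the original article) that triages links from an email against one trusted domain. TRUSTED_DOMAIN, the function names and the sample links are assumptions constructed for illustration, and treating every non-ASCII or punycode host as suspicious is a deliberately conservative choice.

```python
from urllib.parse import urlsplit

# Assumption: the organisation's real domain (placeholder from the article's example).
TRUSTED_DOMAIN = "companyname.com"

# Constructed sample links, as they might appear in a received email.
SAMPLE_LINKS = [
    "https://www.companyname.com/login",
    "https://companyname.com.account-verify.example/login",
    "https://companyname.com@login.example/reset",
    "https://notcompanyname.com/",
    "https://c\u043empanyname.com/login",  # Cyrillic "o" in place of Latin "o"
    "https://news.example/article",
]


def link_host(url: str) -> str:
    """Return the host the browser would connect to, lowercased."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed URL: treat as having no usable host
        return ""
    return host.rstrip(".")


def classify_link(url: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Return 'trusted', 'suspicious' (imitates the trusted name) or 'unrelated'."""
    host = link_host(url)
    # Only the exact domain or a true subdomain of it counts as genuine.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]
    # Trusted name present, but not as the host the link actually leads to.
    if brand in url.lower():
        return "suspicious"
    # Non-ASCII or punycode hosts can render as look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious"
    return "unrelated"


def triage(links=SAMPLE_LINKS):
    """Map each link to its classification."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in triage().items():
        print(f"{verdict:10} {link}")
```

A "trusted" result only means the host name matches; it says nothing about whether the page content itself is safe.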