The Internet offers countless advantages, but it is not free of threats that compromise security and personal information. Phishing and spear phishing are two common attacks that any Internet user can encounter, regardless of whether they are a private individual, a large company or the government itself. Read on to find out what spear phishing is, how it differs from ordinary phishing and how you can protect yourself from this threat.
What is phishing?
Phishing is an email-based computer attack that seeks to collect the victim’s personal data in order to steal their identity. The phishing process consists of three phases:
The attacker sends the victim an email that looks trustworthy. It may appear to come from a bank, an NGO or the government, for example.
This email contains a link that redirects the victim to a malicious website that asks them to enter their personal information: passwords, bank account numbers, social security number, etc.
Once the information is collected, it is sold or used for illicit purposes.
What is the difference between phishing and spear phishing?
Don’t confuse phishing with a more specific variant called spear phishing. The fundamental difference between the two threats is that, while a phishing attack is launched indiscriminately at individuals and companies, spear phishing has a specific target. This variant is much more dangerous and harder to identify because it is planned and crafted specifically for the victim using social engineering techniques, with more attention to detail so that it appears convincing enough to collect private information.
How can you protect yourself against spear phishing?
Due to the highly customized nature of these attacks, it is not easy to protect against them. Prevention is the best defense in this case. Therefore, in addition to having adequate IT security systems, users (whether they are employees of a company or individuals) must be aware of this type of threat.
Knowing how spear phishing works and what the consequences are will help avoid many problems. Good IT security training is critical to shielding yourself from this threat. Another golden rule is to remain vigilant before opening emails and not to click automatically, without thinking, before asking yourself the questions needed to detect a possible threat. Before opening an email, it is a good idea to ask yourself:
Is the email expected? In everyday life, emails arrive almost constantly, many of them new and unexpected. Be wary of emails sent at odd hours (in the early hours of the morning or during holidays) requesting valuable information.
What domain was it sent from? Most companies use email accounts on their own domain, so it is easy to identify the sender. Be wary of emails that come from an unfamiliar domain and request personal information or information of interest to the company.
How is it written? Emails containing spelling mistakes or meaningless sentences and that lack consistency should be regarded as suspicious.
What information is being requested? If the email asks for information that could be deemed personal or valuable to the company, it is advisable to ensure that it is legitimate by carrying out the necessary checks (e.g. contacting the sender personally by telephone) before providing any information.
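The checklist above can also be applied automatically as a first-pass filter. The following is an added example, not part of the original article: it checks three of the four questions (sender domain, sending time, requested information) against a constructed sample message, leaving writing quality and final verification to the reader. The trusted domains, the odd-hours window and the sensitive-term list are assumptions to adapt locally.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumptions (not from the article): illustrative values to tune locally.
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}
ODD_HOURS = range(0, 6)  # early morning, in the time zone of the Date header
SENSITIVE_TERMS = ("password", "account number", "social security")

# Constructed sample: a lookalike domain ("examp1e"), sent at 03:12.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.com>
To: user@example.org
Date: Sun, 05 Jan 2025 03:12:00 +0000
Subject: Verify your account

Please confirm your password and account number today.
"""


def triage(raw_message: str) -> list[str]:
    """Return the checklist questions that this message fails."""
    msg = message_from_string(raw_message)
    flags = []

    # "What domain was it sent from?" Exact match against known domains,
    # using the real address rather than the display name.
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        flags.append("unfamiliar-domain")

    # "Is the email expected?" Flag messages sent at odd hours.
    try:
        sent = parsedate_to_datetime(msg.get("Date", ""))
        if sent.hour in ODD_HOURS:
            flags.append("odd-hour")
    except (TypeError, ValueError):
        flags.append("missing-or-bad-date")

    # "What information is being requested?" Look for sensitive terms.
    payload = msg.get_payload()
    body = payload.lower() if isinstance(payload, str) else ""
    if any(term in body for term in SENSITIVE_TERMS):
        flags.append("requests-sensitive-data")

    return flags
```

A flagged message is a candidate for the manual checks described above, such as contacting the sender by telephone; an empty result does not prove the message is legitimate.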
The key to protecting yourself against spear phishing is to adopt a critical and conscientious attitude and avoid becoming complacent when using email. It takes some effort, but it can save you some serious headaches in the future.
The Internet is an essential tool in our everyday lives, whether at work or for personal use, but it can sometimes carry dangers. At BBVA, we ensure that the products and services we offer meet the highest standards of computer security to guarantee the protection and integrity of your information. Visit bbva.es to learn more about how we protect your data online.