Emails from Nigeria designed to separate fools from their money are a joke these days. But what’s no laughing matter is the increasingly sophisticated art of mining highly personal data from company websites and using it to maliciously craft what appear to be emails from friends or colleagues.
It’s known as spear phishing and it accounted for more than 90% of targeted attacks in 2012, according to a study by Trend Micro. The goal is to lure you into opening malicious files or visiting malicious sites and then to fleece you (or your company).
The best way to keep from being attacked is to limit the amount of info strangers can access. If, for example, spear phishers can Google your email address, you’re more likely to be targeted. The same goes for sensitive company data. Something as innocent as an out-of-office message might provide fodder for a spear fisher.
Of course, unflagging vigilance is the best defense. Is that email legit? If you have any doubt, check to make sure.
To read the TrendMicro report on spear phising, go here.
Tags: spear phishing