Fraud Prevention Series: How to Avoid Spear Phishing, the Most Successful Scam

You’ve heard of phishing, the internet scam of sending emails and messages pretending to be a reputable company in order to trick you into divulging your personal information, such as passwords and credit card numbers. But are familiar with the new practice of “spear phishing”? It’s quickly becoming the most successful form of fraud and acquisition of confidential information and now accounts for 91% of all scam attempts. 

So, what is spear phishing and why is it successful? Spear phishing is a personalized scam that attempts to steal sensitive information from its victims by acquiring personal details in order to pretend to be a friend, employer, or retailer they might frequent. The goal of spear phishing, like regular phishing, is still to glean passwords, personal data, credit card information, or to infect the targets’ device with malware.

Phishing vs. Spear Phishing

To explain the difference between these two scams, we will use the real-life example of fishing.
Regular phishing is like fishing with a net. Phishing scammers send generic messages to large quantities of people to increase the chance of catching victims.

Spear phishing, on the other hand, is like fishing with a single fishing pole. Spear phishing focuses on individual victims and relies on carefully researching their targets so that the attack appears to be from a trusted source. It uses social engineering to appear legitimate and deceive its victims.

What to Look Out For

Here is a list of the most common indicators that an email or message you have received is fraudulent.

• The email address is incorrect
• The message has an unusual sense of urgency or panic
• There are spelling or grammar mistakes
• It contains suspicious links with spelling mistakes or that don’t match the domain name
• It includes suspicious attachments
• It asks for confidential information like your username and password or credit card info

How to Avoid Spear Phishing Attacks

There are several ways you can avoid being taken advantage of by spear phishing

• Be wary of all emails and messages you receive asking for personal information
• Use spam filters and change browser settings to prevent fraudulent websites from being displayed
• Change your passwords on a regular basis, and never use the same password for multiple accounts
• Never submit confidential information on forms embedded in or attached to email messages
• Update and maintain anti-virus software to block fake websites and authenticate legitimate banking and shopping sites

If you believe the email or message you received might be a spear phishing attack, you can also always check with the person or organization that the message claims to be. Verifying the sender is always the safest way to avoid falling victim to a spear phishing scam.

Reminder: MSU Federal Credit Union will never call you asking for personal or sensitive information. Please notify us if you receive a suspicious call, email, or text message from someone claiming to be from MSUFCU. To learn more about signs of fraud, visit msufcu.org/securitycenter.