Spear Phishing: Don’t Become Lunch for Hackers

We regret to inform you that you have no unknown relatives, foreign royalty, or unknown companies willing to leave you millions of dollars. If someone tells you otherwise, you are probably a victim of spear phishing.

Phishing, and its more direct form, spear phishing, is a way for hackers and thieves to scam you online into giving out your personal information. Sometimes they will even ask for money directly.

Those who are not careful about where they leave their information can easily find themselves contacted by someone pretending to be a reliable website or person. Unlike visible scams, these traps will lead you to a website that looks familiar. And while you may think you are visiting Facebook, Google, or Amazon, you are being phished.

There are a couple of ways to protect yourself directly. With premium VPN providers such as Le VPN, you can mask your IP address and prevent being targeted. Additionally, as your data will be encrypted, there is little chance of someone finding out how and where to trick you. After that, it is all up to vigilance and cyber hygiene.

What is Phishing?

In its essence, phishing is a type of scam where the scammer pretends they are someone you already trust. This attack can come at various levels and using different platforms, depending on the level of data the scammer has on their target.

Those trying to scam people usually make whole websites or pages to fool someone into giving their private or financial information, or to send money directly.

In certain cases, these attackers will cast a wide net with no specific information that would entice you to click on their link. But, for those that are not careful, a lot of your data can be available. Attacks like this can lead to spear phishing, which is a targeted and more dangerous form of the scam.

What is Spear Phishing?

Unlike regular phishing, spear phishing is targeted specifically at an individual. In that case, the scammer will know your name, address, and even some additional purchase information.

For instance, the hackers may know that you have small children in your family from the information they have collected over Facebook or some other social media. Then they will send you an email informing you that your child has made a purchase and that you need to confirm your financial data to affirm or deny the sale.

Once you send the data they need, they will access your account and steal any money that they can find. Other financial data, such as your card info, will be further sold to identity thieves and other malicious entities.

How to Tell if You are Being Scammed?

Thankfully, even if you don’t know how a VPN works, there are ways to protect yourself. A few behavioral adjustments in your internet routine can prevent you from getting scammed.

Primarily, you should be aware of who might ask for your information and why. No company, bank, or any other entity would ever ask for a password or PIN, as they already have that info. There will never be a need to confirm your email and password over an email, message, or phone.

And, if you are ever asked to visit a website over an email or message, take a good look at who is sending the message. Very few companies will send such a request on their own. But, hackers can make spoof websites that look like the ones you are used to.

The best tell is that these websites will have a different URL.

For an example of spear phishing, a lot of emails have leaked from the software developer Electronic Arts, better known as EA. While we believe that EA would sell the hackers their website as a DLC, this has not yet happened. The domain names would be other than .com or .org with the email using some small country domain extensions.

Types of Phishing

Phishing attacks come in several flavors and each can be found in different places. Some types of phishing are reserved for email and SMS messages, while others are more frequent on dating platforms such as Tinder.

In all of these cases, the starting point of the scam is the little bit of private information someone has on you. This catalyst can be your name, your phone number, your IP address, or any other piece of data.

Funny enough, if you are using a VPN app and practicing other forms of protection, these scams can fail quite spectacularly. Bots don’t distinguish between your real name and a pseudonym and will call you xXxNooBHunter69xXx in what is supposed to be an official email from your bank.

Wide Net Phishing

Certainly the most prevalent type of phishing, this scam has been around for more than a decade. Currently, it is usually done by bots that use large email databases to send as many emails as possible.

Generally, the email will contain your name, or just address you as “Sir or Madam”. It will contain a scam link which might even infect your calendar or settings. In most cases, it will present a problem with your device or service you may have, and that you need to enter more personal information to solve this issue.

At the moment, most email providers will block a spear phishing email and similar types of messages, but some may pass through. Thankfully, they will usually be obvious and easy to notice as a scam. Without any information, they will ask for yours, which is not something any company would ever do.

Spear Phishing

As we hold increasing amounts of data on our phones and mobile devices, we usually seed a lot of it around. Because most users don’t have adequate cyber hygiene, their data is sometimes used against them.

With spear phishing emails, the attacker knows exactly who you are and which services you use. They might have taken your name and information from hacking, or simply from social media. In any case, they will know who you are and what might be the best way to trick you into clicking that dirty link.

Most people will not notice that the website sending the message is not the same as the regular URL, as it will usually be quite similar. For instance, the name might be Faceb00k with zeroes instead of O’s, or some similar configuration. Once you give your data you will be transported to the real website. This way you might not even notice the scam once it’s done.
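The look-alike address check described above (a different URL, such as Faceb00k with zeroes for O's) can be automated. The following Python code is an added example, not part of the original article; the trusted-domain list, the digit-swap table, the 0.8 similarity threshold and the function names are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed allow-list for this example: the sites the article names.
TRUSTED = ("facebook.com", "google.com", "amazon.com")

# Digit-for-letter swaps such as "Faceb00k"; a deliberately small, assumed table.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def check_link(url):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unknown'."""
    host = host_of(url)
    # Trusted only if the host IS a listed domain or a true subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return ("trusted", host)
    for label in host.split("."):
        if label.startswith("xn--") or not label.isascii():
            return ("lookalike", "internationalized label can hide look-alike letters")
        plain = label.translate(DIGIT_SWAPS)
        for domain in TRUSTED:
            brand = domain.split(".")[0]
            if plain == brand and label != brand:
                return ("lookalike", f"digit swap imitating {domain}")
            if plain == brand:
                return ("lookalike", f"brand name of {domain} on a different domain")
            if SequenceMatcher(None, plain, brand).ratio() >= 0.8:
                return ("lookalike", f"near-miss spelling of {domain}")
    return ("unknown", host)


if __name__ == "__main__":
    # Constructed sample links; .example is a reserved, non-resolving TLD.
    for link in ("https://www.facebook.com/login",
                 "http://www.Faceb00k.com/login",
                 "amazon.com.account-verify.example/signin",
                 "https://facebok.example/",
                 "https://example.org/"):
        print(link, "->", check_link(link))
```

An "unknown" verdict only means the host does not resemble a listed brand; it says nothing about whether the site is safe.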

Additionally, this type of phishing might install spyware and even malicious apps on your phone or other mobile devices. By using your primary phone, they will be able to access your financial information and much more.

2-Step Verification Burner

A tip directly from spy movies, this is a good way to protect yourself from attacks that target your phone and 2-step verification.

If they gain access to your phone, hackers will be able to clone your number and change your passwords and financial information behind you. This will basically cut you off from your own online identity.

This is why you should use an unlisted burner phone as your 2-step verification device. Ideally, this phone shouldn’t even be able to access the internet. Keep this phone in a secure place where you often do online purchases.

With this technique, you might not prevent the theft of your social media and some accounts. But, you will be able to prevent someone from taking out an online loan in your name or maxing out your credit card.

Catfishing or Catphishing

Catfishing sounds funny because it is usually connected to a person’s failed romantic endeavors. That is before it happens to you.

By the definition of this scam, the other side is not presenting itself as a company or a service, but as an attractive romantic prospect. The scammer will usually use pictures from foreign Instagram models and browse through dating apps to find someone to chat with them.

The main difference between catfishing and spear phishing is that the “catfish” doesn’t need to know your data. If they can trick you into believing them, you will give it yourself. Even here they will sometimes send a link that will lead to a dodgy website but can also steal your info outright.

Finally, some catfish are humble in their demands and work on volume. They might present themselves as in need of financial assistance and ask you for money openly. Those with a kind heart or uncontained lust might be fooled into doing this multiple times.

The Nigerian Prince

This exact scam might be an old and well-known phishing scam in cybersecurity circles, but there are newer iterations.

In the same way that spear phishing focuses on fear and catfishing focuses on lust, the “Nigerian Prince” aims to exploit your greed. Not to sound like Saint Thomas Aquinas, but in this case, a virtuous life does mean a happy life.

With these types of spear phishing scams, the thief tries to take both your money and your financial information. In exchange, they promise vast amounts of money transferred to your account, as soon as you pay the small nominal fee.

All kinds of things can be offered this way, from houses to new gadgets, and even royal titles.

While there are other ways to detect such a phishing email, the best way is being reasonable. If something sounds too good to be true, it’s usually because it is a scam.

Protecting Yourself from Phishing

As the old saying goes: “Better safe than sorry”.

It is much easier to avoid ever becoming a victim of phishing than to deal with the consequences. And, with just a couple of tools and a bit of knowledge on how to detect scams, you will be safe and sound from this cybersecurity risk.

VPN and Anonymity

The best way not to be attacked is to be absent. By using a VPN and a pseudonym on your social media, there will be no data to use in phishing attempts.

Premium VPN providers have multiple servers all around the world that will mask both your IP address and your location. Le VPN has secure servers in 100+ locations, all with military-grade protection protocols.

And, if you don’t use your full name on social media, this will untie any other information from your accounts. Simply use a nickname that will be recognizable to your friends and family, but not to foreign hackers.

Finally, you should use a VPN on all of your devices. Aside from your desktop, laptop, and smartphone, you should protect your IoT devices. VPN providers give options such as a VPN for Firestick or other devices that connect to the internet.

Anti-Malware and Anti-Spyware

Even if you are using a premium VPN package, you should have protective software. These apps will clear any malware or spyware they find and inform you if you are in danger.

Additionally, you should keep your operating system up to date, with all the protocols enabled.

Constant Scrutiny

Being careful might not be the “high tech” solution you are looking for, but it is the best advice you can get.

If you ever receive an email that asks you to click a link or send any data, read what it says carefully. Also, search the sender’s email or URL to see if someone has flagged them for a scam. No company or service will ever ask for your private information without you starting the process.

Also, regretfully, very few Instagram models will be infatuated with you over dating apps for no reason. If such a thing happens, just ask them for a selfie in plain clothes.

Cyber Hygiene

This “Cybersecurity October” will be all about cyber hygiene. Similar to regular hygiene, it means keeping your devices and your behavior clean.

Everyone should make a routine to clear their browsing data, personal information, and intimate content from their devices. Keep an external drive with everything you want to keep and disconnect it from your devices and the internet.

The best spear phishing defense is to leave nothing to be gathered. This way you will pass unnoticed by hackers, scammers, and other dangers that lurk online.

What if You are Caught with Spear Phishing?

Nobody plans on being a victim. But, it still happens. Even with the best protection, a short lapse in judgment can leave you with your information exposed and all of your devices endangered.

Solving the problem might not be pleasant. But, if you act quickly, you may not have any damage to your name and property. Quickly start changing your passwords and canceling your credit cards.

Additionally, inform your friends and family that your account might be compromised and that they shouldn’t click on anything you send them for the foreseeable future.

Change Your Info and Passwords

Start with the basics first and then go down the list. Google, iCloud, Amazon, and your banking certificate should be the first to be changed. Also, call your mobile provider and check if your phone is being cloned and inform them about such a possibility.

Cancel Your Cards and Change Financial Information

As soon as you notice that your information is compromised, cancel all of your debit and credit cards and change your password to access the bank’s website.

Remember to withdraw some cash for a few days before you get everything in order.

Additionally, if you have any money stored as cryptocurrency, change the passwords and log-in details for your cold storage and hot wallet.

Call the Authorities

In most countries worldwide, phishing is considered a scam and is punishable by law. Although the chances of the perpetrators being caught are slim, this will prevent them from misusing your identity.

Consult with the police on how to behave and inform any institution that you might be in danger of identity theft. Keep some sort of identification paper on your person at all times until the issue is resolved.

Finally, if there is a risk of your business becoming a victim of ransomware, inform everyone about the situation.

Make a Fresh Start

You don’t need to move from your home, but clearing your devices would be a good start.

If you haven’t practiced cyber hygiene before, now is the time to begin. Collect all of your images, videos, and business files and transfer them to an external hard drive where the attacker will not be able to reach them.

Once you are done, collect your installation disks or USB sticks and clear your entire system. Everything must go in case you were tricked into installing malware.

Conclusion

Even though spear phishing is a common scam, thousands of people fall prey every year. If you are not using a VPN and staying anonymous online, there is a big chance that you will get a malicious attachment in your email or private messages.

As October will be observed as a month of cybersecurity in both the US and the EU, this is a good time to learn about these threats and how to mitigate them.

By using premium VPN providers like Le VPN and implementing cybersecurity practices in your daily life, you can stay safe online and browse as much as you want. Scammers and hackers can’t get you where they can’t see you.

Written by Vuk Mujović @VukMujovic

Vuk Mujović is the founder of MacTíre Consulting, an analyst, data management expert, and a long-term writer on all things business & tech. He has authored blogs, articles, and opinion pieces aimed at helping both companies and individuals achieve growth without compromising their security. Vuk has been a regular guest author on the Le VPN Blog since January 2018, where he gives his expert opinion on topics related to cybersecurity, privacy, online freedom, and personal data protection. He also often shares his tips and best practices on the internet security and digital safety of private individuals and small businesses, including some additional applications of a VPN service.