Spear Phishing: Don't Become the Hackers' Lunch
We regret to inform you that you have no unknown relatives, foreign royalty, or unknown companies willing to leave you millions of dollars. If someone tells you otherwise, you're probably a victim of spear phishing.

Phishing, and spear phishing as its most direct form, are ways that hackers and thieves trick you online into giving up your personal information. Sometimes they will even ask for money directly.

Those who are not careful about where they leave their information can easily be contacted by someone pretending to be a website or a trusted person. Unlike obvious scams, these traps will lead you to a website that looks familiar. And while you may think you are visiting Facebook, Google, or Amazon, you are being scammed.

There are a couple of ways to protect yourself directly. With premium VPN providers like VeePN (https://veepn.com/), you can mask your IP address and avoid being attacked. Also, since your data will be encrypted, there's little chance that anyone will find out how and where to trick you. After that, it's all about care and cyber hygiene.

What is "Phishing"?

In essence, phishing is a type of scam where the scammer pretends to be someone you already trust. This attack can come on several levels and use different platforms, depending on the data the scammer has on the target.

Those who try to scam people often create websites or entire pages to trick someone into giving out their private or financial information, or directly into sending money.

In some cases, these attackers will cast a wide net without any specific information that would prompt you to click on their link. But if you are not careful, much of your data may be available to them. That makes spear phishing possible, a targeted and more dangerous form of the scam.

What is Spear Phishing?

Unlike regular phishing, spear phishing is specifically targeted at an individual. In that case, the scammer will know your name, address, and even some additional purchase information.

For example, hackers may know you have young children in your family from the information they've collected on Facebook or other social networks. Then, they will send you an email informing you that your child has made a purchase and that you need to verify your financial information to confirm or deny the sale.

Once you submit the information they need, they will access your account and steal any money they can find. Other financial information, such as your card information, will be sold to identity thieves and other malicious entities.

How Do You Know If You're Being Scammed?

Fortunately, even if you don't know how a VPN works, there are ways to protect yourself. A few behavioral adjustments in your Internet routine can prevent you from being scammed.

Most importantly, you need to know who can request your information and why. No company, bank or other entity would ask for a password or PIN, because they already have that information. You will never need to confirm your email and password via email, message or phone.

And, if you are ever asked to visit a website via email or message, take a look at who is sending the message. Very few companies will send such a request on their own. But hackers can create fake websites that look like the ones you're used to.

The good news is that these fake websites will have a different URL.

As an example of spear phishing, many emails from the software developer Electronic Arts, better known as EA, have been leaked. While we believe that EA would sell their website to hackers as a DLC, this has not yet happened. The domain names in these emails would differ from .com or .org, using the domain extensions of some small countries instead.

Types of Phishing

Phishing attacks come in several flavors and each can be found in different places. Some types of phishing are reserved for emails and SMS messages, while others are more common on dating platforms such as Tinder.

In all these cases, the starting point of the scam is the little private information that someone has about you. This catalyst can be your name, your phone number, your IP address or any other data.

Interestingly, if you are using a VPN application and are practicing other forms of protection, these scams can fail dramatically. Bots can't tell your real name from a pseudonym, and will call you xXxNooBHunter69xXx in what is supposed to be an official email from your bank.

A Wide Phishing Network

Certainly the most common type of phishing, this scam has existed for over a decade. Today, bots generally do this and use large email databases to send as many emails as possible.

Usually the email will contain your name, or simply address you as "Mr. or Ms.". It will contain a scam link that could even infect your calendar or settings. In most cases, it will present a problem with the device or service you may have and say that you need to enter more personal information to resolve this problem.

At the moment, most email providers will block phishing emails and other similar types of messages, but some may get through. Fortunately, they will usually be obvious and easy to spot as a scam. Having no information about you, they will ask for yours, which is not something any company would do.

Spear Phishing

We store increasing amounts of data on our phones and mobile devices. Because most users do not have proper cyber hygiene, their data is sometimes used against them.

When launching spear phishing emails, the attacker knows exactly who you are and what services you use. They may have taken your name and information from a hack, or simply from social networks. In either case, they'll know who you are and what might be the best way to trick you into clicking on that malicious link.

Most people will not notice that the website the message points to does not have the normal URL, as it will usually be quite similar. For example, the name could be Faceb00k with zeros instead of O, or some similar variation. Once you provide your data, you will be redirected to the actual website. This way, you may not even notice the scam once it is done.
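The check described above can be automated. The following is an added example, not part of the original article: it classifies the host in a link against a constructed allow-list and goes beyond the Faceb00k case to also catch one-letter typos, a trusted name on the wrong domain extension, and a brand name buried in a subdomain. The names `TRUSTED`, `SWAPS` and `classify` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the brands the article names as commonly impersonated.
TRUSTED = ("amazon.com", "facebook.com", "google.com")

# Character swaps used in lookalike names, e.g. the zeros in "Faceb00k".
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'trusted', 'lookalike:<brand>' or 'unknown' for the host in a link."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").split(".")
    # Simplification: treat the last two labels as the registrable domain
    # (a production check would consult the Public Suffix List for co.uk etc.).
    domain = ".".join(labels[-2:])
    if domain in TRUSTED:
        return "trusted"
    # Undo digit-for-letter swaps and the "rn"-for-"m" trick before comparing.
    folded = labels[-2].translate(SWAPS).replace("rn", "m") if len(labels) > 1 else ""
    for brand in TRUSTED:
        name = brand.split(".")[0]
        if (folded == name                          # swapped characters or wrong extension
                or edit_distance(folded, name) == 1  # one-letter typo
                or name in labels[:-2]):             # brand buried in a subdomain
            return "lookalike:" + brand
    return "unknown"
```

A result of `unknown` only means the host resembles none of the listed brands; it is not a verdict that the link is safe.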

In addition, this type of phishing could install spyware and even malicious applications on your phone or other mobile devices. By using your primary phone, they can access your financial information and more.

2-Step Verification Burner

A tip straight from the spy movies, this is a good way to protect yourself from attacks targeting your phone and two-step verification.

If they gain access to your phone, hackers can clone your number and use it to change your passwords and financial information. This will basically strip you of your own online identity.

This is why you should use an unregistered disposable phone as your 2-step verification device. Ideally, this phone should not even be able to access the Internet. Keep this phone in a safe place where you often shop online.

With this technique, you may not be able to prevent theft from your social networks and some accounts. However, you may be able to prevent someone from applying for a loan online in your name or exceeding your card limit.

Catfishing or Catphishing

Catfishing sounds funny because it is usually related to a person's failed romantic efforts. That's before it happens to you.

In this scam, the other side is not presented as a company or a service, but as an attractive romantic prospect. The scammer will usually use images of foreign Instagram models and search dating applications to find someone to chat with.

The main difference between catfishing and spear phishing is that the "catfish" does not need to know your details. If they can trick you into believing them, you'll hand those details over yourself. Even here, they sometimes send a link that will take you to a website, but they can also steal your information directly.

Finally, some "catfish" are humble in their demands and work in volume. They may present themselves as needing financial assistance and ask you for money openly. Those with a kind heart or uncontrollable lust may be tricked into doing this several times.

The Nigerian Prince

This may be an old phishing scam, well known in cyber security circles, but there are new iterations.

Just as spear phishing focuses on fear and catfishing focuses on lust, the "Nigerian Prince" aims to exploit your greed. Not to sound like St. Thomas Aquinas, but in this case, a virtuous life means a happy life.

With this type of spear phishing scam, the thief tries to take both your money and your financial information. In return, they promise large amounts of money transferred to your account, as soon as you pay the small nominal fee.

Everything from houses to new gadgets and even real estate can be offered this way.

While there are other ways to spot a phishing email, the best way is to be reasonable. If something sounds too good to be true, it's usually because it's a scam.

Protecting Yourself from Phishing

As the old saying goes, "Better safe than sorry."

It's much easier to avoid being a victim of phishing than to deal with the consequences. And, with just a couple of tools and a little knowledge about how to spot scams, you'll be safe from this cyber security risk.

VPN and Anonymity

The best way not to be attacked is to be absent. By using a VPN and a pseudonym on your social networks, there will be no data to use in phishing attempts.

Premium VPN providers have multiple servers around the world that will mask both your IP address and location. The VPN has secure servers in over 120 countries, all with military-grade protection protocols.

And, if you don't use your full name on social networks, it cannot be tied to the other information in your accounts. Just use a nickname that is recognizable to your friends and family, but not to hackers.

Finally, you should use a VPN on all your devices. In addition to your desktop computer, laptop and smart phone, you should protect your IoT devices. VPN providers offer options such as a VPN for Firestick or other devices that connect to the Internet.

Anti-Malware and Anti-Spyware

Even if you are using a premium VPN package, you must have protection software. These applications will remove any malware or spyware they find and let you know if you're in danger.

You should also keep your operating system up to date, with all protocols enabled.

Constant Scrutiny

Being careful may not be the "high-tech" solution you're looking for, but it's the best advice you can get.

If you ever get an email that asks you to click on a link or send data, read it carefully. Also, look up the email or the sender's URL to see if someone has flagged it as a scam. No company or service will ask for your private information without you starting the process.

Also, unfortunately, very few Instagram models will be in love with you for no reason. If such a thing happens, just ask them for a selfie dressed normally.

Cyberhygiene

This October, the month for cybersecurity awareness, is all about cyberhygiene. Similar to regular hygiene, it means keeping your devices and behavior clean.

Everyone should make it a routine to delete their browsing data, personal information and intimate content from their devices. Keep an external drive with everything you want to keep and disconnect it from your devices and the internet.

The best defense against spear phishing is to leave nothing exposed. That way, you'll go unnoticed by hackers, scammers, and other dangers that lurk online.

What happens if you get caught in Spear Phishing?

No one plans to be a victim, but it happens. Even with the best protection, a brief lapse in judgment can leave you with your information exposed and all your devices in danger.

Solving the problem may not be pleasant. But, if you act quickly, you may avoid any damage to your name and property. Start changing your passwords quickly and cancel your credit cards.

Also, let your friends and family know that your account may be compromised and that they shouldn't click on anything you send them in the foreseeable future.

Change Your Information and Passwords

Start with the basics first and then move down the list. Google, iCloud, Amazon and your bank credentials should be the first to be changed. Also, call your mobile phone provider to check whether your phone has been cloned and inform them of the possibility.

Cancel Your Cards and Change Financial Information

As soon as you notice that your information is compromised, cancel all your debit and credit cards, and change your password to access the bank's website.

Remember to withdraw some cash for a few days until you have everything in order.

Also, if you have money in storage such as crypto-currency, change the passwords and login details for your cold storage and hot wallet.

Call the Authorities

In most countries, global phishing is considered a scam and is punishable by law. Although the chances of perpetrators being caught are slim, this will prevent them from misusing your identity.

Talk to the police about how to behave and tell institutions that you may be a victim of identity theft. Keep some form of identification with you at all times until the problem is resolved.

Finally, if your business is at risk of becoming a victim of ransomware, let everyone know about the situation.

Start Over

You don't need to move out of your home, but cleaning your devices would be a good start.

If you haven't practiced cyberhygiene before, now is the time to start. Gather all your images, videos, and commercial files, and transfer them to an external hard drive where the attacker can't reach them.

Once you're done, collect your installation disks or USB sticks and wipe your entire system. Everything should be gone in case you've been tricked into installing malware.

Conclusion

Although identity theft is a common scam, thousands of people fall for it every year. If you're not using a VPN and don't remain anonymous online, there's a good chance you'll receive a malicious attachment in your email or private messages.

Since October is a month for cybersecurity awareness in both the US and the EU, this is a good time to learn about these threats and how to mitigate them.

By using premium VPN providers like VeePN and implementing cybersecurity practices in your daily life, you can stay safe online and surf as much as you want. Scammers and hackers can't take you where they can't see you.