Privacy Perils: Dangers of Spear Phishing

Chances are, we all have been targets of spear phishing, the latest twist on phishing scams. In a spear phishing scam, you receive an email that appears to be from a friend, colleague, a business that you’re familiar with, or even a client. Except it isn’t. It’s actually from hackers who are looking for a way in to your computer, mobile device, home network, or the firm’s network. The email may lead you to click on a link or an attachment contained in the email message, where you will be asked to provide a username and password or other personal information, or the hacker will have malware silently installed on your computer or device. Through such tactics, hackers can often gain extensive access to your home or the firm’s network and access your personal information, confidential information of our clients, or other valuable data.

To help avoid falling prey to these spear phishing scams, follow the below tips should you receive any email that you suspect to be a spear phishing message.

  • Never accept a request for a password in an email or telephone call that you have not initiated. If you think the email might be real, call the business and ask.
  • Do not log onto a website via a link in an email or text message received on your mobile device.
  • Pay attention to the link URL. Hover your mouse over the link to reveal the URL that the link points to. If it doesn’t match what the link or email say it should, that’s a red flag and you should not click on the link.
  • Make sure your web browser is up to date with the latest security patches.
  • Look closely at the sender’s email address and double-check that it is from the organization referenced in the email. (For example, often spear phishers will use email addresses such as “customerservice@XYZInc” when the actual domain of XYZ Inc. is simply “XYZ” rather than “XYZInc.” To find out the correct domain of the organization, you can simply do a search on Google or Yahoo!.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact a member of our Privacy & Data Security team.

Related Services

Chances are, we all have been targets of spear phishing, the latest twist on phishing scams. In a spear phishing scam, you receive an email that appears to be from a friend, colleague, a business that you’re familiar with, or even a client. Except it isn’t. It’s actually from hackers who are looking for a way in to your computer, mobile device, home network, or the firm’s network. The email may lead you to click on a link or an attachment contained in the email message, where you will be asked to provide a username and password or other personal information, or the hacker will have malware silently installed on your computer or device. Through such tactics, hackers can often gain extensive access to your home or the firm’s network and access your personal information, confidential information of our clients, or other valuable data.

To help avoid falling prey to these spear phishing scams, follow the below tips should you receive any email that you suspect to be a spear phishing message.

  • Never accept a request for a password in an email or telephone call that you have not initiated. If you think the email might be real, call the business and ask.
  • Do not log onto a website via a link in an email or text message received on your mobile device.
  • Pay attention to the link URL. Hover your mouse over the link to reveal the URL that the link points to. If it doesn’t match what the link or email say it should, that’s a red flag and you should not click on the link.
  • Make sure your web browser is up to date with the latest security patches.
  • Look closely at the sender’s email address and double-check that it is from the organization referenced in the email. (For example, often spear phishers will use email addresses such as “customerservice@XYZInc” when the actual domain of XYZ Inc. is simply “XYZ” rather than “XYZInc.” To find out the correct domain of the organization, you can simply do a search on Google or Yahoo!.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact a member of our Privacy & Data Security team.

In Case You Missed It:

  • Kentucky Gallops into the Privacy Race: Kentucky’s New Consumer Data Privacy Law
    April 15, 2024 | Firm Publication
  • CISA Publishes Proposed Rule for Cyber Reporting
    April 10, 2024 | Firm Publication
  • David Wilson Examines the Applicability of Law to Artificial Intelligence and Nonhumans
    April 4, 2024 | Virginia Journal of Law & Technology