Spear phishing definition
A form of phishing attack directed at specific companies or individuals. Cybercriminals disguise themselves as legitimate entities to extract sensitive data from their victims in the form of a phishing email or a malicious link. This social engineering technique is considered to be more dangerous because it can impact even tech-savvy individuals due to its personalized nature.
Spear phishing vs. phishing
Spear phishing is a tailored attack targeted at a particular individual to get specific information or make them do a particular task, like transfer money to the attacker’s account. Phishing is a more general social engineering technique during which the criminals target as many people as possible in the hopes that at least one of them will slip up and interact with them.
Preventing spear phishing
- If you get an unusual request from someone you know, double-check it with them through some other communication channel.
- Check the email for red flags: typos, grammar mistakes, a weird email handle, or an unusual sign-off could all mean it was written by a cybercriminal.
- Don’t post too much about your work on social media, and encourage your coworkers to do the same.
- Use two-factor authentication wherever possible.
- Use additional security software like NordVPN’s Threat Protection, which scans downloaded files for malware and prevents you from landing on malicious websites.