Spear Phishing and Whaling - Different Types of Cyber Attacks
Don't Get Phished!
In the How to Spot a Phishing Email video that is embedded below, cybersecurity writer for Fortune, Jeff John Roberts, explains how to improve your phish-spotting skills and protect yourself from digital scams.
Phishing is an attempt, usually made by email, to trick you into providing sensitive information about yourself to someone who is pretending to be a trusted or reliable contact. You have probably seen this kind of thing before. You might have noticed something wrong about a spoofed email and known not to click on a link or open an attachment, and maybe you have even been fooled by a cleverly developed phishing attack.
Tricksters are getting better at disguising emails to look legitimate, and even high-profile people are getting hacked. Phishing attacks that are directed at senior executives and other notable targets are called “whaling.”
For a large organization, falling prey to a phishing scam can be more than just embarrassing. “Spear phishing” attempts stem from specific and deep research on an individual or company. Last year, two spear phishing attacks on Minnesota’s Department of Human Services resulted in the compromise of 21,000 patient records.
Who are these scammers? Usually they work in organized crime, sharing vast amounts of information and research on individual patterns of behavior. They get to know you well enough from your shared online activities to deliver a message that is crafted to look realistic to you.
How can you tell when an email is real or an attempt to phish your information? Read our How to Spot Phishing Messages Like Pro article to learn techniques that can help you to resist scam attempts.
Look carefully at the URLs provided in an email and examine them for link manipulation. Is the spelling correct, or does something look “off” about it? Hover your mouse over the link without clicking it. Does the link that is revealed match the text of the URL?
The Information Security Office at UC Davis Health employs various forms of technology to intercept phishing emails, but the best weapon is your common sense. Remember, if it looks too good to be true, it probably is. As always, forward (as an attachment) all suspicious work email to firstname.lastname@example.org.
How to Spot a Phishing Email Video
Protect Yourself From Becoming a Phishing Victim
- Treat with suspicion any email that you didn’t expect to receive.
- Legitimate subject lines are usually detailed and specific. A generic subject line can be a key indicator of a phishing scam.
- Look for unprofessional spelling and grammar errors.
- Unnecessary urgency is suspect. Use your intuition and, if something “feels” wrong, call the sender’s organization to validate the email.
- If it seems too good to be true, it probably is.
- Hover over links to see if the web address is legitimate and relates to the email’s content.
- Check for odd phrases and word choices based on your knowledge of the sender.
- Verify any email that asks for personal information (e.g., birthday, Social Security Number, username, password) by independently looking up the sender’s contact information.
- Watch for improper or unusual use of copyright information, logos, and graphics that could make the email appear to be official.