Spear Phishing: Everything You Need to Know to Protect Yourself

In an increasingly digitized world, Fraudsters utilize the ever-changing technological landscape to their advantage, and recently, many have been embracing the increasingly popular scam known as spear phishing.

But, as always, knowledge is power. It’s important to stay up to date with the latest trends in phishing and familiarize yourself with their methodologies in order to protect yourself.

What is Spear Phishing?

Spear phishing is different than regular email phishing is that the target is much more specific and defined. Therefore, fraudsters may pose as a known or trusted sender in order to induce targeted individuals to reveal confidential email. According to the United States Computer Emergency Readiness Team, attackers often take advantage of current events and certain times of the year, such as national disasters, epidemic and health scares, economic concerns, major political elections, and holidays.

Common tactics include: directing email recipients to fake sites that ask for information like account numbers, passwords, and other credentials or sending links and attachments that download malware onto their recipients’ devices.

What Can I Do About it?

The following tips are taken from the IRS to protect your clients and your business from spear phishing:

1. Educate all employees about phishing in general and spear phishing in particular.
2. Use strong, unique passwords like a phrase instead of a word. Also, be sure to change up passwords from account to account.
3. Never take an email from a familiar source at face value. If it asks you to open a link or attachment, visit the e-Services website for confirmation.
4. If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize or if it’s an abbreviated URL, don’t open it.
5. Consider a verbal confirmation by phone if you receive an email from a new client sending you tax information or a client requesting last-minute changes to their refund destination.
6. Use security software to help defend against malware, viruses and known phishing sites and update the software automatically.
7. Use the security options that come with your tax preparation software.
8. Send suspicious tax-related phishing emails to phishing@irs.gov.

What Should I Do If I Think I Was Scammed?

The United States Computer Emergency Readiness Team suggests the following:

• Report it to the appropriate people within your organization, including network administrators. They can be alert for any suspicious or unusual activity.
• If you believe you may have given over confidential financial information, contact your financial institution immediately and close any accounts that may have been compromised.
• Immediately change any passwords you might have revealed, including the login information of any account that uses the password.
• Watch for other signs of identity theft.
• Consider reporting the attack to the police, and file a report with the Federal Trade Commission.

‍