Another common way that the ‘bad guys’ get us is a method similar to Phishing, but more targeted. In Episode 1 of Scammer Abound, I talked about this common theme: the ‘bad guys’ only do as much work as they need to do to trick us into giving them what they want. Sometimes they do a little work ahead of time and research the target. We all have a digital footprint and they use that against us. This is called “Spear Phishing.”
Spear Phishing has the same goal as normal Phishing, but the attacker first gathers information about the intended target. This information is used to personalize the spear-phishing attack. Instead of sending the phishing emails to a large group of people, the attacker targets a select group or an individual.
Below is an example of a Spear Phishing attack. Please note this was a ‘real’ attack being shared with permission from North Iowa Community Schools.
What is happening here?
In the example above, the bad guys looked at the North Iowa Community School website and saw that Cory Myer was the Superintendent and Sheryl Davids was an assistant. They used this info to send a request that looks like it was from Mr. Myer to Mrs. Davids asking her to send money somewhere. If she would have responded it would have gone to a bad guy who would have responded with bank info. Sheryl Davids handled this well and called Mr. Myer directly and NGT confirming this was NOT legit.
If I get one of these what should I do?
If you receive requests and have any concern about the legitimacy we suggest you talk to the person ‘out of band’. If it is an email, then call them at a number you know. If it is a phone call, call them back and/or email them at an address/number you know.
I’m still worried, what do I do?
Contact NGT, we are glad to provide some advise as to how to proceed.
Follow this link to email, chat, or call: http://www.ngthelp.com