Rav Wilding's Spear Phishing Quiz

'Spear-phishing' is a more sophisticated form of 'phishing', that works by obtaining personal information about victims. As a group of MPs have even found themselves a target of this new method of fraud, Rav Wilding joined us in studio to help us keep our data safe

ㅤㅤ

WHAT IS SPEAR-PHISHING?

'Spear-phishing' is a sub-type of 'phishing', which is a broad term for any attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. These type of scams are called phishing because you can think of them like that. You throw some bait in the form of an enticing offer that doesn't exist, or a threat if someone doesn't act and you wait until people get caught. They're not personalised, they don't target someone specifically, they're very much sent out en masse.

Spear-phishing can be much more sophisticated and require more thought and time to achieve than generic phishing. Spear-phishing attackers try to obtain as much personal information about their victims as possible to make the communication that they send look legitimate and to increase their chance of fooling recipients. These criminals are now targeting and trying to catch specific people, and because of the personal level of these messages, it is more difficult to identify spear-phishing attacks than to identify phishing attacks conducted at a wide scale. This is why spear-phishing attacks are becoming more prevalent.

Examples of the difference between 'phishing' and 'spear-phishing' are in the image above.

ㅤㅤ

HOW DO THESE SCAMMERS GET OUR PERSONAL DETAILS TO BE ABLE TO CREATE THESE SPEAR-PHISHING SCAMS?

Social media is prevalent method for scammers to obtain our information. It's the window into lots of our personal data. On the face of it, you might not think that you'd be able to fall victim to a scam just by having a social media profile because we don't share things like bank details or passwords publicly on there, but it's a jumping off point for scammers to create their own profile on us. Sharing things like where we work, where we've been on holiday or the fact we've just bough a new car might seem pretty harmless, but scammers can create realistic texts or emails telling us that there's a problem with our employment contract, claim that we've left something behind on holiday or tell us that we've bought a car without an MOT.

Other things like downloading malicious software or malware onto our mobile phones or laptops can end up giving scammers personal details, but there might also be cases where it's not our fault. We often hear of data breaches where companies that hold data on us themselves get hacked and our details end up in the wrong hands, so there are quite a few ways that scammers can get access to basic information about us.

ㅤㅤ

WHAT CAN WE DO TO PROTECT OURSELVES?

There are some practical steps everyone can take with our online persona on social media. Firstly, try and set your account to be private if you can. You'll find this in your settings on all the major social media platforms. Changing that from public to private will mean that only people you approve can see most of your information.

Secondly, go through your friends list and make sure you know everyone that can see what you're posting. If you're unsure, you can remove them very quickly and they'll be back to not being able to see your account. Don't worry about causing offence, the other person won't know you've done this unless they actively click on your account.

Lastly, be careful what you put in your tagline or biography because on many social media platforms, this can't be made private. Save your more personal stuff for inside your profile.

Aside from social media, we should all be vigilant about what we're downloading to our devices. Scammers can hide malware into seemingly innocent looking apps for our phones or our laptops, designed to harvest our personal information.

Lastly, password security is key. Using different passwords across different websites and remembering to change as many of them as regularly as possible.

Above all else, remember that golden rule we love to say here on Morning Live, if it's out of the blue, it's not for you! So keep vigilant about being sent something you're not expecting, and don't click on anything you're not sure of. That's how we beat the scammers.

ㅤㅤ

USEFUL LINKS

Set your Facebook profile to private: Click here

Set your Instagram profile to private: Click here

Set your LinkedIn profile to private: Click here

Set your TikTok profile to private: Click here

To learn more about how to set your Snapchat account to private, click here