Phishing vs spear phishing – don’t get scammed

The Latest Rules and Regulations That Impact Your Government Entity

You may believe that phishing emails are a thing of the past and that no one falls for them. However, email remains the number one way for scammers to infect your computer with viruses or ransomware, and their schemes have been getting more complex.

Spear phishing

Typically, phishing emails can be easily identified by misspelled words and odd email addresses; however, there’s a more targeted approach to phishing called spear phishing. While the intent remains the same, spear phishing involves personalizing the email to a specific target rather than sending it to a large group of people. Though this is more time consuming, limiting the target lets the scammers include personal information, for example the person’s name or title. This makes the email seem more trustworthy, making the person more likely to comply with what’s being requested. They can even impersonate someone you are used to emailing by creating a legitimate-looking email address and identity.

Protect yourself

Even if an email is manufactured for a specific person, there are still ways to identify a phishing attack. Below are some common giveaways that something isn’t right and that you should think twice before following through with the email’s request:

  • Bad link – If the email is asking you to click on something, try hovering your mouse over it to see the complete web address. If it seems suspicious, don’t click it and reach out to your contact to verify whether it was from them.
  • Formatting – Though subtle, the formatting of an email can raise a red flag. If you notice that it’s strange or drastically different than what you are used to, take further measures to ensure its validity.
  • Sense of urgency – Many attacks “require” that you provide the information immediately. However, if the email is requesting sensitive information for either the company or yourself, such as login information, don’t hesitate to make a phone call to determine the legitimacy.
  • Requesting personal information – How often are you actually required to provide personal information, like a username and password, over email? Probably never, so don’t fall prey to this old trick.
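As an added illustration (not part of the original article), the Python below automates three of the giveaways listed above for an HTML email body: a link whose visible web address differs from where it actually goes, urgent wording, and a request for login details. The keyword lists, function names and sample message are assumptions constructed for this example, and the formatting check is left to the reader's eye.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative keyword lists (assumptions, not an exhaustive rule set).
URGENCY = re.compile(r"\b(immediately|urgent|right away|within 24 hours|asap)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|username|login|social security)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Lower-cased hostname; bare "www.site/path" text gets a scheme first.
    url = url if "://" in url else "http://" + url
    return (urlparse(url).hostname or "").lower()

def giveaways(html_body):
    """Return a list of warning strings for one HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    found = []
    for href, text in parser.links:
        # What hovering reveals: the text shows one address, the link goes to another.
        if re.match(r"^(https?://|www\.)", text, re.I) and host(text) != host(href):
            found.append(f"bad link: shows {host(text)} but goes to {host(href)}")
    plain = re.sub(r"<[^>]+>", " ", html_body)  # strip tags before keyword checks
    if URGENCY.search(plain):
        found.append("sense of urgency")
    if CREDENTIALS.search(plain):
        found.append("requests personal information")
    return found

# Constructed sample message (example.com / example.net are reserved test domains).
SAMPLE = """<p>Hi Pat, as Finance Director you must confirm your password immediately.</p>
<p><a href="http://payroll.example.net/login">https://www.example.com/payroll</a></p>"""

if __name__ == "__main__":
    print("\n".join(giveaways(SAMPLE)))
```

A message that trips none of these checks can still be a scam, so the verification call to your contact remains the deciding step.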

The common theme is to trust your gut. If you ever suspect an email of being a scam, play it safe and get in touch with your contact.

Andrew Gill, CPA