Buyer Beware: FBI issues warning on "spear phishing"
As if it wasn't enough to worry about plain old phishing scams, the FBI today issued a warning about a more malicious type called spear phishing.
This type of scheme is not new, but the FBI warns it is on the rise. Spear phishing differs from regular phishing in its approach. Rather than use a massive email blast, spear phishing attacks choose smaller, selected groups that share something in common. That could be anything from a workplace to a bank to a website everyone purchased from.
Using emails that simulate authentic ones, the spear phishers -- as is the case in regular phishing attacks -- concoct a plausible reason why you need to urgently provide personal information. Links in the email then guide you to lookalike, phony sites where you are asked for personal and financial information. Because spear phishing attacks are more targeted, they can also be better informed about their targets and offer more compelling lures.
In addition, some spear phishing attacks, according to the FBI, also try to get you to download malware, which can hijack your computer or be used to steal personal information.
The number of people falling for these sorts of scams is on the rise. Be on guard and avoid becoming a statistic.
For more information about safeguarding yourself from phishing scams, Microsoft has a helpful site, and the FBI has a site offering advice on protecting your computer.



Reader Comments (Page 1 of 2)
4-02-2009 @ 8:47PM
Tom said...
With articles and warnings of this and many other kinds of scams in the news every single day with so many details, if people are stupid enough to fall for one, then they are beyond help.
4-02-2009 @ 8:57PM
ml said...
There's one going around on HGTV letterhead.
4-04-2009 @ 9:11PM
lyd said...
People are NOT stupid. This past week I received 3 phishing e-mails from "Bank of America". The letterhead was authentic and it looked completely legit. The mail stated that there was some unauthorized access to my online account. It seemed completely real. But instead of clicking through the mail I used my bookmarked link and found that my account was fine. I forwarded the suspect mail to B of A and they confirmed that it was phishing. Looking much closer at the mail it was obvious some of the wording was suspect, but if I had panicked, thieves would have access to my account. NEVER click the link on the suspicious e-mail. ALWAYS check through your own link. GOOD LUCK out there!
4-02-2009 @ 8:56PM
cjcfleur said...
I cannot believe that people still fall for this crap. Folks have been warned for years. No bank, credit card, especially PayPal, financial anything would ever send an email asking for sensitive info. I never give information to anyone unless I am the one who initiated the call.
4-02-2009 @ 9:03PM
elezze said...
Precisely the reason these scams/phishing occur...because people are not computer savvy enough to see the problem and the scammer knows it. Imagine the millions of uneducated computer users being affected, who fall for just about anything. Take it from one who has been phished and learned the hard way...me!
Do not open multiple forwarded emails.
If you don't recognize the sender then delete it to be safe.
Even if family/friends send forwarded emails that contain jokes, sales, chain emails then just ignore them.
The more educated you are about these things, the harder the scammer tries to get you, which the scammer is more apt to make mistakes, while you have the upper hand.
4-02-2009 @ 9:13PM
ryan said...
PEOPLE ARE DUMB..THEY FALL FOR EVERYTHING...THEY BELIEVED OBAMA AND LOOK WHERE WE ARE NOW...DUMB PEOPLE I TELL YOU..
4-02-2009 @ 9:37PM
MindOfMyOwn said...
I know what you mean .. the people even elected Dubya Bush .. TWICE!! Geez .. what is becoming of my beloved country.
4-02-2009 @ 9:40PM
cuemiller said...
Some of the dumbest even post irrelevant comments in all caps!
4-24-2009 @ 6:35AM
Stephani said...
Where were we before him? And just where were we headed without him? What do you have in mind? Do you have any idea what John McCain was planning? Do you know what you would NOT have if he was president today?
4-02-2009 @ 9:59PM
Jade said...
I can always tell when it's a fraud because almost every e-mail that is sent contains several spelling, grammar or punctuation errors, in addition to bad spacing and incorrect letter layout. The logo always looks so weak and generic. I'd love to find out how they know every banking instituion where I have an account.
4-02-2009 @ 10:36PM
Antone Grieco said...
And they all have English-sounding names, too.
4-02-2009 @ 10:49PM
Paulette said...
This must be Obama's fault!
4-05-2009 @ 10:41PM
Carl Sr. said...
Gosh, I may have been a victim of this scheme.
Is there anyone out there who I could give my bank account numbers and pin numbers to so that they could check and see if I have been cheated or not?
Thank you,
Carl in Florida
4-05-2009 @ 10:41PM
sue said...
I received two of these emails claiming to be from my bank. One was from Wells Fargo and the other Bank of America. Both informed me my login was locked because I had attempted several logins and could not access my account. I called both banks and they had me forward the letters to them. The funny thing is I only bank with one of these banks.
I never clicked on their links because I know banks would never send e-mails about login problems.
So people please watch out for these emails, if you get one, call your bank and forward it to them. DO NOT CLICK ON ANY LINKS. YOU CAN HAVE YOUR PERSONAL INFO STOLEN.
4-03-2009 @ 2:58PM
Carl said...
It is a good thing that there are trusting people left in this world.
Gullible is something else. Of course folks have to watch out for themselves. But there always have been, and always will be, those that are looking to take advantage of misplaced trust.
4-05-2009 @ 10:39PM
Kim said...
Spear phishing is different than the normal phishing scam. This happened to us. As reported in the article above, it is usually an attack on a "smaller, selected groups that share something in common."
We received an email from my daughter's dance teacher stating she was stranded in England, and she had her purse stolen and she needed funds. This was her legit email address, and the list of people on the address were actually the people in our dance group. We were to wire her money. Whoever got into her email account sent this email to each of her dance groups. Someone notified the dance teacher immediately (who was certainly not in England) and we all warned of the scam.
It doesn't have to be a company, or bank or even the IRS email that can try to get you, these are people grabbing your email contact lists to get info from you (or wire money, in this case). So don't jump so fast that you conclude everyone should know better. It can happen to the best of us.
The funny part is, after we were all notified, and she switched emails, another email (from old acct) came and said ...."how can you do this to me, leave me stranded...." blah blah blah. lol
4-05-2009 @ 10:38PM
marshall said...
In order to put a picture on Facebook you have to allow an ActiveX. I guess it's legit, but I'm too paranoid to do it.
4-05-2009 @ 10:38PM
James 20006 said...
Jade,
You are worried about spelling, so the correct word is institution.
4-05-2009 @ 10:37PM
Smarty said...
Whoever falls for it is pretty much a retard. Why would you give out personal info over the net through an e-mail? Me, I'm cautious of even buying things on the net. And before I buy anything I contact BBB to check their record on if the website is legit or not. But giving personal information through an e-mail or a telephone is just plain dumb. They should be contacting you to verify personal info not ask for it.
4-05-2009 @ 10:37PM
Bob said...
Yes, there are frequently errors in grammar and clumsy phraseology.
Legit companies usually have site names like
WELLSFARGO.COM or
BANKOFAMERICA.COM
So, when you get a questionable email DON'T click the addresses and don't give info. BUT, if you position your cursor over an address and it is not "companyname.com" but rather some convoluted thing like
July@sakie.boomerang.com/wellsfargo/info or something else that has a non company name in front of the .com or .edu or .gov or .org, you can be pretty sure it is a phisher.
The party who said he or she called the banks and did not respond to the email is WISE. Peace, bob