Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Spear phishing tactics convincing insidious
NEW YORK (8/14/12)--Cybercriminals are tricking more victims with a potent, authentic-looking scam that is highly targeted, contains some personal information, and hooks even the most tech-savvy individuals ( Aug. 6).

A few years ago, con artists filled inboxes with blast e-mails asking for credit card and account numbers, passwords and other personal information, hoping for a few bites. That was phishing. Now spear phishing has become a more profitable scam.

Instead of sending an e-mail to millions of people randomly, spear phishers target their victims, such as employees of a specific financial institution or business. They want the wealth of information in those computer files--names, addresses, or account numbers. Anyone--or any organization--dealing with customers, clients, members, or patients is a potential target of spear phishers.

Most cybercriminals use social engineering--the practice of manipulating human emotions, interest, or desires to obtain a specific response--to get you to disclose crucial information. They craft the e-mail to make it look like it came from someone you know, and the personal nature of the attack makes it extremely seductive.

In one case a physician and faculty member of a university medical center received an e-mail that looked like it was from his information technology department. He was asked for his computer login information as part of an "upgrade" to the center's computer, and he gave it. What ensued was a gold mine for identity thieves--they had access not only to the doctor's personal information, but also to the personal information of hundreds of his patients.

Other innocent-looking tactics are equally dangerous. You could get an e-mail that appears to come from a co-worker or your human resources department, asking you to add some personal information to a company database. Scammers are getting better at generating legitimate-looking e-mail templates and building the malware needed to infect computers and intercept your communications.

Take steps to avoid being scammed:

  • Don't assume it's legitimate. If you get an e-mail with your name on it from the credit union or any company you do business with and it asks you for personal information, don't take the bait. Confirm its authenticity with a phone call to the listed number.
  • Be suspicious of links. Use extra caution when clicking on any link in an e-mail.
  • Watch out for pop-up messages. If you're visiting a website and get a prompt to update Flash, Java, or Acrobat PDF Reader in order to view content or a video, don't click. Only perform these updates when you see an update prompt while turning on or restarting your computer.
  • Choose "friends" carefully. Social networking sites have made it easier for hackers to gather information about you. Be suspicious of people who attempt to "friend" you or become part of your professional network on any social networking sites.
  • Trust your instinct. If the message contains a sense of urgency, step back. Don't click.
For more information, read "Be Cautiously Sociable on Social Networking Sites" in the Home & Family Finance Resource Center.
Other Resources


News Now LiveWire
.@TheNCUA's J. Mark McWatters reflects on his first #CUNAGAC in this month's NCUA report.
18 minutes ago
.@symantec : 59% of compromised info linked to retailer breaches #NewsNow
41 minutes ago
.@CUNA's Ryan Donovan discusses House and Senate activities CUNA will be following this week.
45 minutes ago
.@Bankrate breaks down 5 top fee-fighting #creditunions
1 hour ago
#creditunions celebrate #EarthDay2015 by being green aware with e-statements, hosting shred events, planting trees
16 hours ago
150x172_Sign up for election newsUnite for Good Share your Stories100 Million CU Memberships