Spear Phishing

Duration: 4 mins 4 secs


About this item
Description: Learn how cyber criminals target you with spear phishing attacks using data gathered from email, social media or face to face contact.
 
Created: 2017-06-19 11:27
Collection: Cyber Security
Publisher: University of Cambridge
Copyright: University of Cambridge
Language: eng (English)
Keywords: spear phishing; social engineering; safety online;
Transcript
Spear phishing is a malicious email, phone call or face to face contact that is specifically directed at YOU.

Criminals target you by taking any publicly available information from your workplace and your posts on social media, such as Facebook or Twitter.

Scammers may also try to obtain information over the phone or face to face by impersonating a company or department you trust.

So what can you do to avoid being scammed? It’s important that you confirm the identity of people who ask for personal or sensitive information before you release it.
If you have areas in your workplace that are not publicly accessible, you may need to check that strangers are being accompanied by their host or are genuine visitors, by asking to see their visitor's badge.

Another way scammers can target you is to trick you into installing a bad app on your phone or tablet, giving them access to your contacts and private information. Only install apps via the official store.

Spear Phishing emails will often use your name and job title and may appear to come from a colleague, a friend or a business contact that you trust, say your HR department, HMRC or your bank.

But it isn't; it's from a criminal who wants to find out your credit card and bank account numbers, your passwords, the financial data on your computer, or sensitive information belonging to the University.

Spear phishing emails may ask you to open an attachment, click on a malicious link or to enter your login details into a fake site.

Opening an attachment can install a virus on your computer. You may be surprised to know that your anti-virus software MAY NOT always detect a malware attachment.

What can you do to mitigate being duped? There are a few things to look for. Check that the From and “Reply-To” email addresses look correct.

Check that web links point to expected destinations. Mouse over the link to see if the pop-up information matches the sending email address.

Check the phone number to see if it is correct or a scam. Go directly to the web site rather than trusting the number in the email.

Read the email signature carefully. Does it look authentic? If in doubt, before you CLICK, contact the sender using details found elsewhere.

If you think you are the victim of a scam, gather as much information as you can, then report the incident immediately.

For face to face or phone scams, record the person’s name, telephone number, and what they are asking for.
If you have given away your UIS account details, change your password immediately if you are advised to do so.

If you have given away your login details for other services such as your bank, contact your bank directly using details from their web site.

If you have clicked a link or opened an attachment and something unusual happens, a virus or other malware may have downloaded.

Act quickly! Pull the Internet cable out. Turn off your computer.

Contact your local IT support, Computer Officer or the UIS service desk. They are there to help.

STOP! THINK! Before you CLICK!
