Spear Phishing of High Net Worth Individuals

BY OnSecurity Team / ON Oct 13, 2020

Having a high net worth makes you a key target for cybercriminals. Why? The answer is simple: you have something to steal.

If a hacker gets their hands on your personal data, they can use this against you in different ways:

  • They could use this data to access your accounts and steal your money.

  • They could steal private information – either personal or business – and use it to blackmail you or demand a ransom.

When a hacker targets an individual, they tend to impersonate a trustworthy source - this is also known as spear phishing.

What is spear phishing?

Spear phishing is a type of cyber scam that targets victims through email. Unlike phishing, which targets masses of people at once, spear phishing emails are designed to target individuals. Cybercriminals will monitor your social media channels and gather any information that they can use to trick you. They will then customise an email so that it appears to be from an authentic source: this includes anything from including personal information to impersonating a trustworthy sender.

Victims of spear phishing scams risk having their usernames, passwords and credit details stolen. Successful attacks can result in unauthorised access to data and funds, opportunities for blackmail, identity theft, a decline in reputation, and a violation of privacy.

How can you avoid it?

Protecting yourself from spear phishing emails can seem daunting, but don't worry – OnSecurity can help! Here are some steps you can take to protect yourself, your family and friends, and your employees.

1) Educate yourself, your family and friends, and your employees

The easiest way to protect yourself from cybercriminals is to educate yourself and those around you. Do your own research, encourage your friends and family to learn about the risks, and raise awareness among your staff through emails, presentations, newsletters and workshops.

It can be tricky to spot a spear phishing email, but the main signs of a spear phishing attack are:

  • The email asks you for sensitive information, such as passwords or bank details – especially if the sender is someone you know wouldn't typically ask for this information.

  • The email encourages you to open an attachment or link.

  • The email makes you panic – phishers often create a sense of urgency so that their victims feel obliged to respond quickly and without thinking about the potential risks.

Why not increase your awareness of spear phishing by trying OnSecurity's Phishing Simulation service? Our team of ethical hackers will send simulated phishing emails to you, your family and friends, and your employees. This service gives you the chance to make mistakes in a safe environment and teaches you what to do when faced with the real thing.

2) Be mindful when using social media

Social media is an integral part of our society, especially for businesses and high-profile individuals. However, if you share too much personal information on social media, hackers might use it to target you. They could use the information to create authentic spear phishing emails or use your personal details to hack into your devices or set up accounts in your name. One of the best ways to protect yourself is to be mindful when sharing information on your social media channels. Remember, it's important to monitor what your friends and family share too: it might seem like a harmless post, but hackers will use anything they can get their hands on to trick you.

3) Keep your work life and personal life separate

You shouldn't use your personal accounts and devices for business use – and vice versa! If someone hacks into your personal accounts, they could find out sensitive information about your work life. Similarly, if your work accounts are compromised, hackers might gain access to your personal accounts and funds. Access to this information will make it easier for hackers to create realistic spear phishing emails.

The best way to avoid this is to keep your work life and personal life separate: use different devices for personal and work use and separate your personal and business social media accounts.

4) Always check the sender before clicking any links

Oftentimes the would-be hacker will impersonate a legitimate business. Always check the sender field. It's important to note that email addresses can be spoofed. So, if in any doubt visit the website directly rather than clicking any links.

What should you do if you've been spear phished?

It's important to protect yourself from cyberattacks, but what should you do if you've already fallen victim to a spear phishing scam?

1) Take your devices offline

If you are the victim of a spear phishing attack, it is important to disable your internet connection as soon as possible: this will help to contain a malware infection and prevent any viruses from spreading to other devices.

2) Change your passwords

You need to change the passwords for any accounts that might have been compromised in the spear phishing scam. You should change your passwords from a different device so that hackers can't access your new information, and you should always use a combination of letters, numbers and special characters.

3) Contact your bank

Contacting your bank is an absolute must if you have been spear phished! If you think your bank details or credit card information have been stolen in the attack, you need to contact your bank immediately.

4) Report the attack

Although the spear phishing email was designed to target you specifically, it is still important to report the phisher to protect others from future scams. You can do this by:

  • Emailing the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk

  • Calling Action Fraud on 0300 123 2040

  • Using Action Fraud's online service

5) Scan your device with anti-virus software

If you clicked on any links in the spear phishing email, then your device may have been compromised. It is important to check for viruses by scanning your device with an anti-virus software.

6) Contact the person or company that was spoofed

It is important to contact the person that the spear phisher was impersonating. After all, they are victims too! They might want to report the scam themselves and informing them might help prevent future scams.

7) Continue to check for suspicious activity

Even if you have informed your bank of the spear phishing scam, you should continue to check your accounts for suspicious activity. This could be unauthorised usage of your credit card or foreign access to your accounts.

Share: