Hack back: Spear phishing and how you can avoid it

The Chinese military has resumed hacking government agencies and American companies after a three-month hiatus, according to private security firm Mandiant.

The news comes as “spear phishing”, a form of targeted hacking, is drawing a lot of attention. An organization calling itself the Syrian Electronic Army has used the tactic to attack several media organizations, most recently the Financial Times.

"When somebody singles you out as an individual to target with an attack, we call it 'spear phishing'," says Chester Wisniewski with the cyber security firm Sophos. "They find some way of convincing you that they are the target brand and get you to type in your password and give it to them."

Wisniewski says the best way to avoid getting spear-phished is not go to any password-protected websites from a link recieved via email. Instead, users should access social media and banking websites directly via a browser.

About the author

Chester Wisniewski is a computer security expert with the computer security firm Sophos.

Comments

I agree to American Public Media's Terms and Conditions.
With Generous Support From...