The First Step Cyber Criminals Take When Intending to Steal Your Identity Will Shock You

Spear Phishing:

What is it and why is it the 1st step hackers take when intending to steal your identity?

No. It’s not what you think. It’s not sport fishing out on the open sea. Instead, it’s a scam, with you as the hackers’ target.

According to Kaspersky Labs – “Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer”.

What’s the difference between ‘phishing’ and ‘spear phishing’?

“Spear Phishing can easily be confused with ‘Phishing’ because they are both online attacks on users that aim to acquire confidential information. Phishing is a broader term for any attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons,” says Digital Guardian.

On the other hand, “Spear Phishing” emails will appear to be sent from someone you know: your bank, a friend, a company you purchase from online, even your health insurance company. Unfortunately, they are from fraudsters who want your credit card and bank account numbers, your passwords and any financial info you may have stored on your PC.

The Digital Guardian also informs us – “Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses”. And like fishing at your local, favorite spot using lures and bait, phishing is a type of bait usually guaranteed to lure you into sharing personal info they covet.

Spear Phishers send you messages which address you by name as if they know you personally. 

For example, ‘Hi Mary’ or ‘Hi Nick’ instead of ‘Dear Sir’ or ‘Dear Friend’. Since it addresses you personally, the email sounds as if it is from a friend, or appears to be sent from your bank, for example. Because it’s perceived to be from someone they know, most people are immediately open to answering the questions asked or providing the personal or financial info requested.

Phishing scams are just that: often a one-of-a-kind email or scenario. Spear phishers, on the other hand, have been researching you. They know some of your habits and some of the companies you purchase from, and they have been gathering information throughout their search. As a result, the email you receive may refer to a recent purchase you’ve made. To get you to respond quickly, they frequently use the words ‘Urgent Action Required’, which encourages almost anyone to take action immediately, without thinking. It is an effective psychological tactic.

Here are a variety of ways in which spear phishers lure you into providing privileged info: 

  • Deceptive Phishing.
  • Malware-Based Phishing.
  • Keyloggers and Screenloggers.
  • Session Hijacking.
  • Data Theft asking you direct questions.

If you use the Internet frequently for work or are socially active, for example, it can work against you.

These cyber-criminals can also capture information in these 2 ways:

  • When you type a request for info into a site (using your PC or Smartphone);
  • When you try to make a purchase and type financial info into a site which is not encrypted, they cut off the process. They then send you a friendly email explaining that your purchase could not be completed because your log-in and/or password were incorrect and failed to process. The email provides a link that sends you to one of their sites (a mirror of the original retail site on which you attempted to make a purchase). There they capture all your financial info plus your password.

To further clarify Spear Phishing, the U.S. FBI says:

“Instead of casting out thousands of emails, randomly – hoping a few victims will bite – spear phishers frequently target select groups of people with something in common—they work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc. The emails are ostensibly sent from organizations or individuals the potential victims would normally get emails from, making them even more deceptive.”

Briefly: “Criminals need some inside information on their targets to convince them the e-mails are legitimate. They often obtain it by hacking into an organization’s computer network or sometimes by gathering info combing through other websites, blogs, and social networking sites.

Then, they send emails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data.

Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.”
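
The warning signs described above (a sender and a link that do not belong to the organization the email claims to be from, urgent wording, and a request for credentials) can be checked mechanically. The following is an added example, not code from the FBI or from this article; the function names, the phrase lists, the `trusted_domain` parameter and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative phrase lists (assumptions), seeded from wording the article quotes.
URGENCY = re.compile(r"urgent action required|act now|immediately", re.I)
CREDENTIALS = re.compile(r"password|log-?in|account number|user id|access code|\bpin\b", re.I)

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host)

def belongs_to(host, domain):
    """True for the domain itself or a real subdomain, not a look-alike."""
    return host == domain or host.endswith("." + domain)

def spear_phishing_indicators(raw_email, trusted_domain):
    msg = message_from_string(raw_email)
    body = msg.get_payload()          # single-part message assumed
    findings = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not belongs_to(sender_host, trusted_domain):
        findings.append("sender-not-from-trusted-domain")
    links = LinkHosts()
    links.feed(body)
    if any(not belongs_to(h, trusted_domain) for h in links.hosts):
        findings.append("link-leaves-trusted-domain")
    text = msg.get("Subject", "") + " " + body
    if URGENCY.search(text):
        findings.append("urgency-pressure")
    if CREDENTIALS.search(text):
        findings.append("asks-for-credentials")
    return findings

# Constructed sample: the display name says "Your Bank", the addresses say otherwise.
SAMPLE = """\
From: "Your Bank" <support@bank-example.test>
Subject: Urgent Action Required
Content-Type: text/html

<p>Hi Mary, your purchase failed because your password was incorrect.
<a href="http://bank.example.secure-login.test/verify">Sign in again</a></p>
"""

if __name__ == "__main__":
    print(spear_phishing_indicators(SAMPLE, "bank.example"))
```

The link in the sample starts with the bank's name but actually belongs to a different domain, which is why the check compares the end of the hostname rather than searching for the name anywhere in it.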

4 Ways to Keep Your Personal Information Secure

1. Don’t indiscriminately type your info into sites you’re unfamiliar with. If you are interested in their products or services, or in a published report they offer, do some research before signing up. Ensure they are a brand/company you can trust.

2. Create unique passwords which even hackers find hard to crack. There are people called ‘password crackers’ who use software to hack passwords. However, you can do yourself a favor by using a password creator, which produces new, unique, long, hard-to-break passwords. {For example – (93Dy7*mz2V.@}. This password isn’t easily cracked, even by password crackers. Bonus Tip: Change your passwords every 60-90 days. While it may seem time-consuming, it’s one of the best ways to keep your emails safe from hackers.

3. When you receive a software update for your computer, install it immediately. Most computer systems issue patches (updates) on a regular basis once they discover issues hackers can exploit. It’s imperative you install them the moment they are received.

4. Never provide your log-in or password info to anyone requesting it in an email. If the request comes from your bank or credit card company, they should be sending you to their website. You should not pass this info on to friends or co-workers either. Or, you can always type your bank’s name into a search bar and be taken directly to their site.


When it comes to phishing, spear phishing and cyber-fraud, in general, it’s best to take the time to secure your passwords, your business and personal accounts. Remember – these fraudsters make it their life’s work to steal from you. Don’t make yourself a target for fraud.