The U.S. Justice Department charged 12 Russian military officers today in a history-making spearphishing scam. The 12 defendants are charged with conspiring to interfere with the 2016 presidential election by stealing information from email accounts of volunteers and employees of a U.S. presidential campaign. While the scam may sound sophisticated, it is a simple digital fraud and anyone using email can be attacked if they’re not cautious. Here's how to protect yourself.
With spearphishing, a hacker sends you an email message that tricks you into disclosing your username and password to a secure account.
The email looks like it comes from a legitimate source, such as Microsoft, Federal Express, or other companies you trust. For instance, as shown above, you might receive a message that your email inbox is "99% full." If you're in a rush or simply not a sophisticated computer user, you might just click on the link to clean up your email inbox. You may not realize that this message is a fraud and that clicking on the link installs a malicious program on your computer that records your keystrokes and sends hackers your passwords.
Many variations of these schemes exist and new ones keep appearing so fast that security software programs cannot keep up. Perhaps the most important way to thwart a spearphishing attack is by carefully examining links in emails before clicking.
Hovering over the "Clean Up Mailbox" link in this example displays the address of a strange website, not your email program. If the link is unfamiliar, don't click on it.
Another popular spearphishing scam is notifying you about a package. Here again, hovering over the link in the email displays a website address that is absolutely, positively not Federal Express.
Notably, the email account from which this message was sent is not a legitimate FederalExpress.com account.
Often the "from" email address will tip you off to a fraud.
Phishing emails until recently were easy to spot because they commonly contained misspellings and grammatical mistakes. A scan of hundreds of recent phishing messages indicates fewer telltale signs. The scammers are getting smarter.
While the evildoers have lately been winning the cat-and-mouse game over spearphishing, software solutions are growing stronger. For example, Microsoft Office 365 online users now have a new way of designating a message as phishing. This new feature of "blacklisting" a malicious message prevents that same scam from hitting you again and gives Microsoft information about its origin. Of course, anti-virus software is a must.
In addition, two-factor authentication is becoming more widely used. This requires you to verify your activities using a cell phone in combination with an email address or website login. It is not foolproof, but it is much more difficult to hack.
If you ever have any questions about information you receive from us by email, please do not hesitate to call us.
This article was written by a professional financial journalist for McCarthy Asset Management, Inc and is not intended as legal or investment advice.