Most of you know about phishing — the fake email which is look like important mail from banks or credit card companies and even the government tax department or may be some time as lottery winner.

As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority.

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.

Internet securities experts warn of a new wave of scams are known as spear-phishing. Instead of casting a broad net to snag whomever they can, the scammers come after you directly and the attacks are already on the rise.

Unlike the old-school phishing scams that hit your inbox with fake email alerts from banks, and other businesses and address you simply as a “dear valued customer,” spear-phishing scams are specific because scammers are using your specific information. “So they can target you very carefully. They’ll seem very real to you,”

Investigators say massive security breaches back in April will only make it worse. Sony now confirms that hackers stole personal data from more than 24 and a half million PlayStation accounts last month. Weeks before that, a security breach at retail marketing firm Epsilon exposed the email accounts of millions of customers from major retailers and banks.

That means that, instead of getting an email from Wells Fargo when you don’t have a Wells Fargo account, you’re going to get an email from a business that you do business with, and it’s going to have your name on it.

It didn’t happen to you last time. It might not happen to you this time. But it could happen to you in the future and when it does, it’s going to be seriously hard to fix your credit. Here’s one version of a spear phishing attack: The perpetrator finds a web page for their target organization that supplies contact information for the company. Using available details to make the message seem authentic, the perpetrator drafts an e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator. The email asks the employee to log into a bogus page that requests the employee’s user name and password or click on a link that will download spyware or other malicious programming.  If a single employee falls for the spear phisher’s ploy, the attacker can masquerade as that individual and use social engineering techniques to gain further access to sensitive data.

Internet security experts warn: the increased spear-phishing activity increases the odds that you or someone you know will take the bait.

* Source From Web