One of the most dangerous forms of cyber attacks known today are spear phishing attacks. Spear phishing attacks are a form of identity theft through email that involves making the victim believe the attacker is someone who holds authority over the victim, and the attacker using that position to get personal information from the victim. Examples of spear phishing attacks are worldwide, and have caused problems up to international conflict proportions. An example is as recent as May 2010, Chinese Hackers were caught trying to hack into the United States Chamber of Commerce. They did this by hijacking several known Chamber employees email accounts and used them to send out emails to other chamber employees giving a link to a site and saying that the receivers needed to click this link and enter their personal information.
So the question is, what would you do if you were in this situation?
First, look at the emails reasoning. Is the reasoning legitimate? Has your boss or whoever is sending this email mentioned to you they will be needing this information soon? No one should just email you out of the blue asking for personal information, your boss or whomever most likely would send another form of communication warning you or at least letting you know this was going to be happening.
Second thing to look at, the link provided. What site is the email telling you to put your information into? Often spear phishing emails has sketchy links, with unknown hosts and server names. If it is your work, your boss or company would most likely have you put your information on a company site, so is your company site the beginning of that address?
Third and finally, if you really are not a hundred percent sure this email is legitimate, ASK! Go to the source of this email and confirm this person is who they say they are. Worst case scenario, you get confirmation that it is indeed a correct email. Otherwise, you may just save yourself and a whole group of your co workers from some serious problems by bringing this attack to light.
Spear phishing attacks target specific people or departments, using fake identities of people of authority to steal personal information. With the rise of the internet, most likely everyone will face at least one phishing attempt in their lifetime. Knowing how to keep yourself safe from these attacks keeps your identity safe and personal, and is an important piece of knowledge in our technological world.