{"id":62722,"date":"2017-08-01T00:00:00","date_gmt":"2017-08-01T00:00:00","guid":{"rendered":"http:\/\/blog.mozilla.org\/foxtail\/2017\/08\/01\/spear-phishing\/"},"modified":"2017-08-01T00:00:00","modified_gmt":"2017-08-01T00:00:00","slug":"spear-phishing","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/","title":{"rendered":"Don&#8217;t fall victim to spear-phishing"},"content":{"rendered":"<p>When <a href=\"http:\/\/www.cnn.com\/2017\/07\/31\/politics\/white-house-officials-tricked-by-email-prankster\/index.html\">CNN reported<\/a> that a \u201c<a href=\"https:\/\/twitter.com\/SINON_REBORN\">prankster<\/a>\u201d in the UK had managed to spear-phish White House officials, we wanted to share few thoughts about online security, spear-phishing and avoiding the sharp end of that awful spear.<\/p>\n<h2><b>Spear-phishing is tricky<\/b><\/h2>\n<p>\u201cPhishing\u201d is a broad term for when a malicious actor impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details or credit card numbers. It generally casts a wide net.<\/p>\n<p>\u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Phishing#Spear_phishing\">Spear phishing<\/a>\u201d is more targeted, hence the name, and uses personal details to trick you. It\u2019s more sophisticated, and, unfortunately, research shows that <a href=\"https:\/\/www.firmex.com\/thedealroom\/spear-phishing-whos-getting-caught\/\">it works<\/a>.<\/p>\n<p>Reviewing the <a href=\"http:\/\/www.cnn.com\/2017\/07\/31\/politics\/white-house-officials-tricked-by-email-prankster\/index.html\">White House email messages posted online<\/a> reveals the sender used details about previous meetings and conversations to make themselves sound legit, and it worked. In this case, this information could have been culled from media coverage.<\/p>\n<p>The rest of us who aren\u2019t in the public eye still need to be sharp. We share personal information on social media accounts, professional networking sites, blogs, comments and so on. Clever perpetrators can use this seemingly innocuous information to their advantage.<\/p>\n<h2><b>Verify before sharing personal information<\/b><\/h2>\n<p>This can\u2019t be overstated. Today, more and more of our sensitive information is stored online, and we all need to do our part to thwart attackers and protect ourselves. <a href=\"https:\/\/blog.mozilla.org\/internetcitizen\/2017\/01\/25\/better-password-security\/\">Protecting our logins<\/a> is critical. It\u2019s up to all of us to <a href=\"https:\/\/blog.mozilla.org\/internetcitizen\/2017\/04\/21\/https-protect\/\">look out for scam websites and suspicious links<\/a>.<\/p>\n<p>If there\u2019s something \u201cphishy\u201d about a message, try confirming through another method like a phone call, text or asking in person. Though he didn\u2019t share his password or other highly secure information, Homeland Security Adviser Tom Bossert did pass along his personal email, unsolicited, because he trusted the message despite it being flagged by his email system. This brings us to our next thought.<\/p>\n<h2><b>When your email system flags a message as suspicious, you should&#8230;be suspicious<\/b><\/h2>\n<p>It stands out that at least one of the fake messages arrived flagged as [SUSPECTED_SPAM] by Bossert\u2019s email service. That should be an immediate red flag to double-check where the mail came from before trusting it.<\/p>\n<p>\u201cSometimes there are false positives, but it\u2019s worth having an IT person check it if you don\u2019t know how to do it yourself,\u201d said Dave Miller, Mozilla Network Administrator. \u201cThis is especially true when a message gets spam-tagged, and it\u2019s seemingly an \u2018in-company\u2019 mail, from someone in the same organization as you.\u201d<\/p>\n<h2><b>Avoid the hook<\/b><\/h2>\n<p>Whether or not you\u2019re being \u201cpranked\u201d or phished, if someone is provoking you over email, it\u2019s best not to take the bait. Don\u2019t respond to spear-phishing efforts. Mark the message as spam, forward it to your IT department or your email provider and move on.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When CNN reported that a \u201cprankster\u201d in the UK had managed to spear-phish White House officials, we wanted to share few thoughts about online security, spear-phishing and avoiding the sharp end of that awful spear. Spear-phishing is tricky \u201cPhishing\u201d is a broad term for when a malicious actor impersonates a legitimate one in order to [&hellip;]<\/p>\n","protected":false},"author":727,"featured_media":21661,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[],"coauthors":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Don&#039;t fall victim to spear-phishing | Tips from Mozilla | Internet Citizen<\/title>\n<meta name=\"description\" content=\"After White House officials fell victim to spear-phishing, we wanted to share few thoughts about online security, and what you can do to protect yourself.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/\",\"url\":\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/\",\"name\":\"Don't fall victim to spear-phishing | Tips from Mozilla | Internet Citizen\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2017\/08\/moz_blog_internet-citizen_spearfishing.jpg\",\"datePublished\":\"2017-08-01T00:00:00+00:00\",\"dateModified\":\"2017-08-01T00:00:00+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c\"},\"description\":\"After White House officials fell victim to spear-phishing, we wanted to share few thoughts about online security, and what you can do to protect yourself.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2017\/08\/moz_blog_internet-citizen_spearfishing.jpg\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2017\/08\/moz_blog_internet-citizen_spearfishing.jpg\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Don&#8217;t fall victim to spear-phishing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/en\/\",\"name\":\"The Mozilla Blog\",\"description\":\"News and Updates about Mozilla\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c\",\"name\":\"M.J. Kelly\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/70718b02fa9f11d88288b937f1da2ac1\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g\",\"caption\":\"M.J. Kelly\"},\"description\":\"Mozilla Communications\",\"url\":\"https:\/\/blog.mozilla.org\/en\/author\/mjkellymozilla-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Don't fall victim to spear-phishing | Tips from Mozilla | Internet Citizen","description":"After White House officials fell victim to spear-phishing, we wanted to share few thoughts about online security, and what you can do to protect yourself.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/","url":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/","name":"Don't fall victim to spear-phishing | Tips from Mozilla | Internet Citizen","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2017\/08\/moz_blog_internet-citizen_spearfishing.jpg","datePublished":"2017-08-01T00:00:00+00:00","dateModified":"2017-08-01T00:00:00+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c"},"description":"After White House officials fell victim to spear-phishing, we wanted to share few thoughts about online security, and what you can do to protect yourself.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#primaryimage","url":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2017\/08\/moz_blog_internet-citizen_spearfishing.jpg","contentUrl":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2017\/08\/moz_blog_internet-citizen_spearfishing.jpg","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/en\/firefox\/spear-phishing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/en\/"},{"@type":"ListItem","position":2,"name":"Don&#8217;t fall victim to spear-phishing"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/en\/#website","url":"https:\/\/blog.mozilla.org\/en\/","name":"The Mozilla Blog","description":"News and Updates about Mozilla","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c","name":"M.J. Kelly","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/70718b02fa9f11d88288b937f1da2ac1","url":"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g","caption":"M.J. Kelly"},"description":"Mozilla Communications","url":"https:\/\/blog.mozilla.org\/en\/author\/mjkellymozilla-com\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/62722"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/users\/727"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/comments?post=62722"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/62722\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media\/21661"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media?parent=62722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/categories?post=62722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/tags?post=62722"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/coauthors?post=62722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}