A lot of the phishing scams we list here are examples of spear phishing, phishing scams tailored to some piece of information about you or your involvement with the University of Delaware. For example, the Fake PNC Email Message seen on campus in September was worrisome because its senders targeted UD addresses, knowing that many UD students and employees have PNC accounts and that UD has a business relationship with PNC.
Spear phishing is another example of hackers applying social engineering (manipulation!) to their schemes. Social engineering is geekspeak for manipulating/schmoozing/sweet-talking information out of someone as part of an attack or fraudulent scheme. In spear phishing, the miscreants construct their messages in such a way as to manipulate you into thinking the message is coming from your bank, shipping company, university, or other trusted entity. They hope you’ll be lulled into supplying personal information that they can use to further their schemes.
Two recent articles may help you see how social engineering and spear phishing can be dangerous:
- Loose lips still sink corporate ships (Computerworld, 11/3/11)
- Spear phishing more effective when it uses social engineering (InfoSecurity Magazine, 11/9/11).
If you want to report a possible phishing or spear phishing attack, review our advice about reporting a phishing scam.