Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most prevalent scams reported in Australia.
These messages can be sent via email, SMS, social media, instant messenger or phone call. They can look extremely sophisticated and convincing, replicating legitimate messages from reputable senders.
As well as featuring official-looking logos and disclaimers, phishing emails typically include a ‘call to action’ to trick us into giving out sensitive personal information, from passwords to bank details.
Spear phishing is a dangerous class of phishing, where criminals use social engineering to target specific companies and individuals with very realistic bait or messages, often resembling correspondence the targets would usually respond to.
People with a large amount of personal or corporate information online are easy targets. Adversaries carefully tailor each attempt to appeal to the target, drawing on the target's personal and professional circumstances and social networks. In this way, targets of spear phishing emails are duped into opening malicious attachments and links.
Adversaries also make use of publicly available industry information such as annual reports, shareholder updates and media releases to craft spear phishing emails, and use sophisticated malware to evade detection.