Spear phishing attacks – SCAM OF THE MONTH

to hack 7109362 1280

In the offices of a renowned robotics firm, Lisa, a lead engineer, was designing a new autonomous drone system. Her concentration was broken by an unexpected email from Dr. Morris, a prominent figure in robotics and someone Lisa greatly respected.

The subject of the email read, “Urgent: Proposal for Collaborative Project in Robotics.” Intrigued, Lisa opened the email, which articulated a proposal for a joint venture between her firm and the university where Dr. Morris was a lead researcher.

Attached was a document named “Project Specifics.pdf.” The email captured the tone Lisa would expect. She was ready to open the attachment when a detail made her pause: the email address looked strange. She found the professor’s official university email on the department website and sent an inquiry, attaching the received proposal for reference. Dr. Morris replied, confirming Lisa’s suspicions: she had not sent the email and it was likely a scam.

Did you spot the red flags?

• Lisa should not have forwarded the document to Dr. Morris in case the attachment contained malware.
• Lisa should have alerted her IT team and her fellow employees about the message.
• The sender’s email address looked suspicious. Always use the SLAM method to evaluate the different parts of a message.

What you should know about this scam

If you are unsure whether an email is legit or not, it is best to research the organization’s contact information or verify the message with the sender through another source.

Spear phishing attacks often use specific details about an individual to get them to trust the message. With AI, cybercriminals can generate these messages easier than ever before. Just because a message includes information personalized to you, doesn’t mean you can automatically trust it.

Share: