A spear phishing scam is refined and a more specific version of phishing. Under spear phishing an individual, group of individuals or a business is targeted and phishing emails are sent to them by misrepresenting known or trusted persons. Unlike conventional phishing mails that are apparently fishy in terms of sender email id and content, spear phishing is a kind of e-mail spoofing attack wherein:
- The mail id of a person who the victim knows or trusts is used
- The intention is to hijack sensitive data or to install malware when the emails are opened
- The subject line is tailored to pick a topic on interest to the victim, by carrying out intelligence on the victim’s life and preferences, from social media accounts etc.
Failure to report these scams will lead to unauthorized access to scammers to harvest important information and misuse them for fraud.
Report phishing scams to APWG (Anti Phishing Working Group)
APWG is a global coalition formed in response to phishing attacks and cybercrime, at large. The various functions of APWG include:
- Collection of important information on various kinds of spear phishing attacks
- Preparing and publishing lists of malicious credential collection sites
- Educate internet users on global phishing trends
- Releasing white papers on cyber crimes
- Research partnership with organizations like US Cert, APACS and JP Cert
- APWG Malicious Domain suspension program (AMDOS) and implementation
Victims can direct their emails to firstname.lastname@example.org in order to report phishing scams.
Report Phishing scams to US CERT
The United States Computer Emergency Readiness Team was formed in 2003, to protect the nation from indiscriminate cyber-attacks. To report phishing scams, victims can:
- Use the incident reporting system for reporting phishing, vulnerabilities and malware
- Ascertain the extent of cybercrime by visiting federal incident notification guidelines
- Subscribe to alerts from US CERT for receiving tips and updates
- Use the National Cyber Awareness System for access to various anti-phishing resources
The organization releases periodic bulletins on phishing trends as well as trending software vulnerabilities.
Report phishing scams to FBI
It is important and mandatory to report phishing attacks to the federal authority for cyber security, namely the FBI. The FBI fights spear phishers by:
- Liaising with different entities like the Internet Crime Complaint Center for various anti-phishing measures
- Conduct formal cybercrime investigation by implementing the White Collar Crime Program against cyber criminals and bank frauds
- Establishment of dedicated task forces under the leadership of professional experts in anti-phishing and internet security
- Working with the National White Collar Crime Center and the Bureau of Justice Assistance in fighting many commonplace confidence tricks in the online forums
To report phishing scams is not only a critical step but is very important to stop cybercrime from increasing in proportion and geography. Anti-phishing tools must be incorporated in emails as well as in computers used by both individuals and businesses. Cyber intrusions have become so sophisticated that even emails from known sources must be opened, especially with due diligence while opening attachments and clicking on links.