BIRMINGHAM, AL (WBRC) - Spearphishing is a relatively new technique hackers are using now to target you in a much more direct and invasive way, and there are a lot of ways you could fall victim.
A hacker might send you an email that looks like it's from your email provider or bank or some other company you use, saying there's some problem you need to address and giving you a link to click to fix it. You click on the link, which takes you to a legit-looking site where you put in your information, and you've been hacked.
Your easiest protection?
"Go to that site, go to the legitimate site or go to their site, get their contact information, call them, ask them," says Deputy John Michael, one of the Jefferson County Sheriff's Department's cyber investigators. "Don't follow anything out of the links you receive."
A stealthier spearphishing attack is called social engineering: hackers create fake Facebook or Instagram accounts and friend request you. You accept, and the hacker gets access to your pictures and all the information they can, then asks your bank or email provider or cloud storage service like iCloud to reset your password, and guesses the answers to your security questions based on what they find on your profile.
The easiest way to protect against this? Keep your profiles private, and do some legwork every time you get a friend request.
"When you get a friend request, pick up the phone and call that person and say, 'Is this you? Did you just friend me?'" says Assistant U.S. Attorney Daniel Fortune. "You'd be amazed at how many identity fraudsters are cloning people's Facebook pages or their accounts and then sending out friend requests."
Also, use 2-step authentication where every time you log into your account, your provider texts or emails you a unique code that you have to put in along with your password. It may take extra time, but the hassle can save you thousands.
"That's what we want is fast access, but if you hold your personal information sacred, then you're gonna wanna take those extra steps," Deputy Michael says.
Finally, be careful about using password-managing apps. Fortune prosecutes most cyber crime in the Birmingham division and says he doesn't use one because the strongest set of passwords in the world isn't worth anything if the one place you store them is compromised.
"I don't want to put all my eggs in one basket," Fortune says. "Because if someone somehow accesses that account, that gives them access to my entire world.
"In your house you have a key to your door, but it's a different key to get into your safe or your firearms cabinet, it's not the same key."
Think you're too smart to be a victim of this?
Fortune says an FBI agent in the Birmingham office a few years ago took this advice about checking your friends list closely and called his brother to make sure it was really him who had friend requested the agent on Facebook more than a year before.
The brother said he'd never had a Facebook account, yet somehow this profile had pictures of him and his children attached.