How to Recognize a Spear-Phishing Email Attack Javascript must be enabled to use this site. Please enable Javascript in your browser and try again. × Search search POPULAR SEARCHES SUGGESTED LINKS Join AARP for just $9 per year when you sign up for a 5-year term. Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. Leaving AARP.org Website You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply. Close

Spear-Phishing

Spear-phishing is a highly targeted, particularly destructive form of . Most phishing scammers cast a wide net, sending out generic mass emails in hopes of snaring a few victims. Spear-phishers research individual marks and craft personalized messages that appear to come from trusted sources, which helps them bypass traditional email security features like spam filters, according to a study by security company Barracuda. You might get what looks like an email, text or from a friend, a relative, a coworker or a company you do business with. It includes a request for personal information, a link to a company site or an attached document that requires immediate attention. Clicking the link or downloading the file infects your device with malware or spyware that , peruses your files or tracks your every keystroke. Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. Spear-phishers have numerous tricks to make the ruse plausible. For example, they might: • dig up personal and professional information from a variety of sources, including public records, your employer’s business website and your social media profiles. • hack email and social media accounts and send messages to people on the victim’s contact list. • utilize information obtained through . • set up fake customer-service accounts for big brands to glean info from unsuspecting consumers (a practice called “angler phishing”). Spear-phishing has become a key weapon in . More than 80 percent of US companies and organizations surveyed by cybersecurity firm Proofpoint reported experiencing a spear-phishing attack in 2020, and 38 percent said they were targeted more than 25 times. Another variation targets homeowners: An email supposedly from your mortgage company says your loan has been sold and provides a link to the new lender’s website. Any payments you make there go into the crooks’ pockets. Groceries 20% off a Freshly meal delivery subscription See more Groceries offers >

More Resources

Report spear-phishing attempts to the FBI’s (IC3), or to an in your area.You can also report phishing to the Federal Trade Commission at its online , and to the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) at . MORE FROM AARP AARP NEWSLETTERS %{ newsLetterPromoText }% %{ description }% Subscribe AARP VALUE & MEMBER BENEFITS See more Health & Wellness offers > See more Flights & Vacation Packages offers > See more Finances offers > See more Health & Wellness offers > SAVE MONEY WITH THESE LIMITED-TIME OFFERS