The agency provides some simple advice on how users can protect themselves

Jun 26, 2013 10:38 GMT  ·  By

The Federal Bureau of Investigation (FBI) warns that cybercriminals are increasingly relying on spear phishing attacks in an effort to compromise the computer networks of organizations from several industry sectors.

Unlike regular phishing attacks, spear phishing attacks are targeted only at certain individuals or organizations. These types of phishing emails usually contain accurate information obtained by the cybercrooks from blogs, websites, and social media accounts.

By adding genuine details to the malicious notifications, the attackers increase the chances that the victim will follow the instructions and click on a link or open an attachment.

“Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update,” the FBI notes.

“If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim’s usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions or steal intellectual property and trade secrets.”

The FBI advises users to keep in mind that legitimate businesses will never ask them to hand over personal information such as usernames and passwords via email.

In case the message appears genuine, the company that allegedly sent it should be contacted. However, the contact details should be obtained directly from the organization’s website – never call the number from the email since it could be fraudulent.

Keeping antivirus software, firewalls, and web browsers updated at all times is also recommended, since many of them are designed to identify phishing attempts.

Finally, as a general rule, avoid clicking on links or opening attachments contained in emails, especially if the sender is not known or trusted, or if they’re asking you to update account information.

If you believe you’re a victim of a spear phishing attack, file a complaint with the FBI’s Internet Crime Complaint Center (IC3).