What is Phishing or Spear Phishing?

In this post, we dive deeper into the subject of phishing and specifically spear phishing and how you can protect yourself from becoming a victim.

Legal Shred has spent the greater part of this month looking into some of the latest security threats plaguing the public to keep our customers informed and to protect their financial future and overall well-being. It’s all part of our new “Cybersecurity 101 for Small Businesses” series.

In this post, we’ll dive deeper into the subject of phishing and specifically spear phishing and how you can protect yourself from becoming a victim.

Email attacks are one of the most common forms of entry for thieves. They target vulnerable and unknowing recipients and trick them into clicking on links or responding with personal details.

Even if you’re pretty good at spotting these bogus correspondences, scammers have gotten clever these days and have fooled even the most cautious Internet users.

First, let’s look at the differences:


In phishing email attempts, bad actors send out a mass batch of scam emails to a random large pool of recipients. Their hope is that of that large number, at least some will be tricked into responding. They use tactics like pretending to be from a legit company (like a shipping service or utility company) and include a link within the email to ask you to confirm details about your account or the status of a delivery. Since so any people today are using Amazon or do indeed get emails from businesses they deal with, it can be really easy to click the link without thinking.

Once you click it, you could either know immediately that something bad just happened – maybe a file starts to download or if they have created a bogus website to mirror the actual company’s page, you might fill out a form with your data and that information is exactly what they need to complete their scam and move on to identity theft or other harm.

Spear Phishing

This type of email attack is similar in what was described above as in a scammer is looking to trick the user into providing personal information they can use for malicious reasons, except these attacks are very targeted. To gain this targeted information they may scan social profiles, research recent purchases and friends of the victim to make a close correlation and gain their trust. The thieves know who they are sending these attempts out to and what to say to trick them. The intent is to get malware installed on a computer or network of devices where they can then infiltrate devices at a business or organization for example and begin their attack.

Here are 3 things you can do to protect yourself from these email scams:

  1. Be cautious with emails. Since these types of attacks come through from seemingly credible sources, it’s important to pay close attention before you respond or click. If there is an urgent request for your personal data or something seems off, pause. Hover over the email address or the link and be sure the actual sender is legit. Better yet, pick up the phone and call them to verify the communication.
  2. Don’t overshare. Be careful about what personal information you share out on social media and public networks. This data can be collected to orchestrate an easy attack against you. Don’t overshare and be sure to protect sensitive information at all times.
  3. Update your software often. One of the easiest ways for an attacker to exploit a system is to get in when there aren’t protections in place. At the rate that new attacks are being created, it’s important that you frequently update your security software for the best protection.



Service Areas: New York ShreddingLong Island Shredding; New Jersey ShreddingConnecticut Shredding and more!