
Protect Yourself Against Spearphishing

The U.S. Justice Department recently charged 12 Russian military officers in a history-making spearphishing scam.  The 12 defendants were charged with conspiring to interfere with the 2016 presidential election by stealing information from E-mail accounts of volunteers and employees of a U.S. presidential campaign.  While the scam may sound sophisticated, it is a simple digital fraud and anyone using E-mail can be attacked if they are not cautious.  Listed below are a few possible ways to protect oneself.  Please remember this is not a comprehensive list.


With spearphishing, a hacker sends an E-mail message that tricks individuals into disclosing their username and password to a secure account.


The E-mail looks like it comes from a legitimate source, such as Microsoft, Federal Express, or another company that most individuals trust.  For instance, as shown above, one might receive a message that their E-mail inbox is “99% full.”  If they are in a rush or simply not a sophisticated computer user, they might just click on the link to clean up their E-mail inbox.  They may not realize that this message is a fraud and clicking on the link installs a malicious program on their computer that records their keystrokes and sends hackers their passwords.


Many variations of these schemes exist and new ones keep appearing so fast that security software programs cannot keep up.  Perhaps the most important way to thwart a spearphishing attack is by carefully examining links in E-mails before clicking on them.


Hovering over the “Clean Up Mailbox” link in this example displays a link to a strange Website and not one’s E-mail program.  If the link is unfamiliar, it is usually best not to click on it.


Another popular spearphishing scam is notification about a package.  Here again, hovering over the link in the E-mail displays a Website address that is absolutely, positively not Federal Express.


Notably, the E-mail account from which this message was sent is not a legitimate account.


Often the “from” E-mail address will tip off a possible fraud.
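The two checks described above (where a link really leads, and which address the message really came from) can also be done by a mail filter.  The following Python is an added example, not part of the original article; the expected-domain list, the function names and the sample message are constructed assumptions.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader expects each brand to use (illustrative allowlist).
EXPECTED = {"fedex": {"fedex.com"}, "microsoft": {"microsoft.com", "office.com"}}

def host_matches(host, domains):
    """True only if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(from_header, html_body, brand):
    """Return the reasons a message does not match the brand it claims to be from."""
    domains, findings = EXPECTED[brand], []
    _, addr = parseaddr(from_header)          # ignore the display name, keep the address
    sender_host = addr.rpartition("@")[2]
    if not host_matches(sender_host, domains):
        findings.append(f"from address uses {sender_host or 'no domain'}")
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    for text, href in collector.links:        # what "hovering" would reveal
        host = urlsplit(href).hostname
        if not host_matches(host, domains):
            findings.append(f"link '{text}' goes to {host or href}")
    return findings

# Constructed sample message (not taken from the article's screenshots).
SAMPLE_FROM = '"FedEx Delivery" <tracking@parcel-notice.example>'
SAMPLE_HTML = ('<p>Package waiting: <a href="http://fedex.com.track.example/p?id=1">'
               'www.fedex.com/tracking</a> or <a href="https://www.fedex.com/help">Help</a></p>')

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE_FROM, SAMPLE_HTML, "fedex")))
```

The first sample link shows why the visible text cannot be trusted: it reads as a FedEx address, but the host it leads to only begins with "fedex.com" and belongs to a different domain.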


Until recently, phishing E-mails were easy to spot because they commonly contained misspellings and grammatical mistakes.  A scan of hundreds of recent phishing messages indicates fewer telltale signs.  The scammers are getting smarter.


While the “cat versus mouse” hunt to protect against spearphishing has lately been won by the evildoers, software solutions are growing stronger.  For example, Microsoft Office 365 online users now have a new way of designating a message as phishing.  This new feature of “blacklisting” a malicious message prevents that same scam from hitting again and gives Microsoft information about its origin.  Of course, anti-virus software is a must.


In addition, two-factor authentication is becoming more widely used.  This requires a user to verify their activities using a cell phone in combination with an E-mail address or Website login.  These methods are not foolproof, but they do make it much more difficult to hack.

©2018 Legend Financial Advisors, Inc.®. All rights reserved.