Phishing Scams Use Your Social Network Against You

Be on the lookout for some new, email-based attacks spammers are using to infect people’s machines with malware.

Spear phishing targets companies and individuals directly by sending email that looks like it comes from a coworker or friend but uses a different email address. It’s much harder to spot than your run-of-the-mill fake dating site/drug spam, which is why it’s been so effective.

How are they getting information about my friends, family, and co-workers?

Similar to social engineering efforts, we suspect scammers gather information posted publicly to websites and social networks like Facebook and LinkedIn. Even if your profiles are set to “private,” information may be gathered about you based on the people in your network.

What can I do?

First, make sure you know how to identify a spear phishing email:

It’s from a name you know, but there’s a minor misspelling/typo.

Often, this means two characters are swapped, or they’ll add or remove a letter.

| Email Address Validity | Email Address | Issue with Email Address |
| --- | --- | --- |
| Actual email address | sallyjones@gmail.com | |
| Spam fakes | sallyjjones@gmail.com | extra j |
| | salllyjones@gmail.com | extra l |
| | salyjones@gmail.com | missing l |
| | sallyijones@gmail.com | fake middle initial |
| | sallyjenos@gmail.com | swapped e and o |

It’s sent from the wrong domain.

For example, sallyjones@ggmail.com or sallyjones@gmail.cx.
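
The misspelled-name and wrong-domain signs described above can be checked automatically by comparing a sender address against the contacts you already know. The following Python is an added example, not code from the original article; the contact list, the function names and the two-edit threshold are assumptions chosen for illustration.

```python
"""Flag sender addresses that closely imitate a known contact (added example)."""

# Constructed contact list; the address is the "actual" one from the article's table.
KNOWN_CONTACTS = {"sallyjones@gmail.com"}


def edit_distance(a: str, b: str) -> int:
    """Count the inserts, deletes, substitutions and adjacent swaps
    needed to turn a into b (optimal string alignment distance)."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Two neighbouring characters swapped counts as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify_sender(address: str, contacts=KNOWN_CONTACTS, max_edits: int = 2):
    """Return (verdict, closest contact); verdict is known, lookalike or unknown."""
    addr = address.strip().lower()
    if addr.count("@") != 1:
        return ("unknown", None)
    if addr in contacts:
        return ("known", addr)
    local, domain = addr.split("@")
    best = None
    for contact in sorted(contacts):
        c_local, c_domain = contact.split("@")
        # Score name and domain separately so a typo in either part is caught.
        edits = edit_distance(local, c_local) + edit_distance(domain, c_domain)
        if edits <= max_edits and (best is None or edits < best[0]):
            best = (edits, contact)
    return ("lookalike", best[1]) if best else ("unknown", None)


if __name__ == "__main__":
    for sender in ("sallyjones@gmail.com", "sallyjenos@gmail.com", "sallyjones@gmail.cx"):
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is the case to treat as suspicious: the address is not one you know, but it is within a couple of keystrokes of one you do.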

It contains a link to a website.

This can be tricky, because spammers will try to hide dangerous links in a sentence (“Hey, check out this blog post that might help you out at work”) or behind a seemingly legit URL (“Hey, that article I was talking about is on qctimes.com/local-business today.”).

It might even be a link to a compromised area of a site you trust (www.qctimes.com/asdf/badstuffhere/funnyvideo.html). Or, they might try to trick you by using fake subdomains. For example, this web address – www.gmail.tsts.com – would point to our servers here at Twin State, not at Gmail.

Simply clicking on bad links puts your computer at risk.

Even if you aren’t asked to install anything or enter passwords, your machine may be infected by visiting a compromised website. That’s why it’s so important to be on the lookout for spear phishing techniques.

When in doubt, it’s best to check with your source directly.
