Spear The Office of the innesota Attorney eneral helping people afford their lives and live with dignity and respect

In the “Land of 10,000 Lakes,” everybody knows what How It Works “fishing” is, and many people are also familiar with “phishing” Spear phishing occurs when a scammer poses as a scams. “Phishing” occurs when a criminal sends an company representative, often an executive or human impersonating a financial institution, government agency, or resources representative. The scammer sends an email to an reputable company and asks the recipient to verify his or her employee at the company, often from a hacked or “spoofed” personal or financial information. Today’s scam artists have or an address that closely resembles the now turned to a more sophisticated, targeted, and profitable company’s email format. For example, if a company’s email version of the scam, known as “spear phishing.” format is [email protected], a scammer might use [email protected], or [email protected]. History of “Spear Phishing” Phishing scams have existed in one form or another since Sometimes the scam artist asks employees to provide the late 1980s. Decades after the scam first appeared, personal information, such as Social Security numbers, tax people are more suspicious of questionable from documents, or account . Other times, the scam unknown senders. Spam filters often help prevent these artist asks the employee to send a wire transfer to another emails from ever reaching the intended recipient’s inbox. person or deposit a certain amount of money into an As a result, scammers are increasingly targeting people and outside bank account. The scammer often creates a sense businesses with spear phishing scams. While “phishing” of urgency so that the employee will send the requested emails may be sent to thousands of people, “spear phishing” information or money before he or she has time to verify emails are much more selective. the legitimacy of the request.

Spear phishing is often more profitable than a basic phishing It Happens Like This scam. First, scammers research a company to convincingly “Chris” received an email that appeared to come from his impersonate the target’s boss or co-worker. People are company’s human resources department. The representative more likely to be victimized because the email appears to asked Chris to send information from his W-2 form to her for come from a trusted source. Second, spear phishers may tax purposes. Chris noticed that the tone of the email was use the information they obtain to steal the identities of different from other emails he had received from the human every employee at a business and file thousands of fake resources department and thought it was strange that the tax returns. By filing fake tax returns or selling private representative did not already have his W-2 information. He information to other criminals, spear phishers can make a called the representative directly to ask about the email. lot of money very quickly, even if only one person falls for When she told him she did not send the email, Chris looked the scam. more closely at the sender’s email address and realized that it differed slightly from his company’s email format. Chris reported the email to the company’s computer specialist and the criminal authorities.

Minnesota Attorney General’s Office • 445 Minnesota Street, Suite 1400, St. Paul, MN 55101 Twin Cities Calling Area: (651) 296-3353 • Outside the Twin Cities: (800) 657-3787 • Minnesota Relay: (800) 627-3529 www.ag.state.mn.us Protect Yourself from Spear Phishing Guard personal information carefully. Attacks There are often safer ways to relay sensitive information than in an email. Check with your company about its The use of spear phishing attacks to steal personal security policies. information and money remains a widespread problem. There are several steps you can take to help protect Contact your company’s technology department. yourself—and your co-workers—from spear phishing Many companies have security protocols that protect attacks, including: the information in their systems from attack. It can be best to refrain from “clicking” on a link or downloading Verify the email with the sender. an attachment in suspicious emails, as doing so could Call the sender directly and ask about the email. Scammers jeopardize your company’s computer system. Many email prey on people’s desire to respond quickly to requests from programs allow users to forward emails without opening their boss or supervisor. Taking the time to verify the email them. You may wish to ask your computer’s technology could save you and others much more time and money department about how to safely forward any suspicious down the road. emails you receive to a specialist. Read suspicious emails carefully. Be vigilant on the go. People often recognize that an email is a scam when words Company-issued laptops and smart phones may also be are spelled incorrectly or there are grammatical mistakes. vulnerable to attack. Smart phones in particular may be Sometimes a scam email is written in a tone that is different subject to spear phishing text messages, which can cause from the one the sender usually uses, or the sender might as much damage as an email can. Don’t feel rushed by use a different version of your name—for example, an email strange requests that come while you are out of the office. is addressed to “Thomas,” but everyone calls you “Tom.” If something seems off, verify that the email is legitimate Reporting Spear Phishing Attacks before responding. You may report Internet to the Federal Bureau of Check the “from” email address. Investigation’s Internet Crime Complaint Center online at Make sure that the “from” email address matches your www.ic3.gov or to the following agencies: company’s email address format. Many email programs automatically display only the name of the person Federal Bureau of Investigation sending the email, rather than the full email address. Minneapolis Office Before you send sensitive information in an email, 1501 Freeway Boulevard make sure you are not sending the information to an Brooklyn Center, MN 55430 outside email account where it is no longer secure. If the (763) 569-8000 address matches your company’s email format —or even www.ic3.gov the sender’s real email address—you should still verify suspicious emails directly with the sender. Some scam Consumer Response Center artists hack email accounts or use technology to “spoof” 600 Pennsylvania Avenue NW their email address to make the emails look like they are Washington, D.C. 20580 coming from a legitimate source. (877) 382-4357 TTY: (866) 653-4261 www.ftccomplaintassistant.gov

This document is available in alternative formats to individuals with disabilities by calling (651) 296-3353 (Twin Cities Calling Area), (800) 657-3787 (Outside the Twin Cities), or through the Minnesota Relay Service at (800) 627-3529. The Minnesota Attorney General’s Office values diversity and is an equal opportunity employer.