We often wonder why we are being targeted with spam, malware, phishing emails, etc. This is only natural. You’d think, ‘There are 8 billion people in this world. Why me?’ Well, you are, well, obviously, not alone.
Almost anybody who has an email address or is online has been the target of these attacks. And most of the time, it is totally random, in a way.
Breaches
Scammers get a lot of email addresses and information from major breaches. A breach occurs when a company you have an account with has its data stolen. It can also happen with any company you have done business with. Do you want to know if your information has ever been included in a security breach? You can check on HaveIBeenPwned.com. HaveIBeenPwned.com is a community-driven website that keeps track of these breaches. They keep a database of the types of information stolen and the email addresses associated with them. The data might include passwords, bank or credit card details. It might also have medical data or other personal information, depending on the nature of the business.
Bots
Scammers also get a lot of email addresses just from scouring the Internet looking for live email addresses. They do this with bots. Bots are programs that weave through the World Wide Web and scrape information from websites. Here they can grab your email address and possibly your first and last name if it is publicly available. There is an old saying ‘The Internet never forgets’. This means that even if you had your email on a website 15 years ago, a copy probably still exists. It likely remains somewhere.
Spearphishing
Spearphishing is a term used when you are specifically targeted. This means that the scammer has done research about you using various resources. It is a type of phishing attack that targets specific individuals or organizations. The attack uses highly personalized and compelling messages to trick the victims. It aims to make them reveal sensitive information, download malware, or send money.
So, sometimes, it is just you who is targeted, and they know a surprisingly large amount of information about you. They might have found information via the groups you belong to on Facebook or your posts on Facebook. They might have gone through your garbage and gotten your bank statements. While this sounds extreme, it has happened.
Scammers will go to great lengths to get your money. Scammers can dig up your holiday pictures, telling them you like to travel, and where you go. They know what special occasions you celebrate. They might even know your friends and family based on your Facebook profile or other social media accounts. (Check our article here on how to secure your Facebook account.) Once they get enough, they can convince you they are the real organizations they are pretending to be.
Imagine that they did get your credit card number? Would that be enough to convince you that it was Visa or MasterCard calling you? Or what about a grandchild texting you if they know which name to use – ‘Hi Grandma, it’s Bobby!’ ?
Spearphishing is a highly organized and carefully planned scam, but they do it because it works really well. It pays off really well for the amount of time they spend on finding out all about you.
In closing, they can get your information from anywhere. Being careful of what you are sharing online and with whom is important. Also be wary of what others are posting about you too, even on a community blog, or church website. If they include your email address, or other identifiable information, ask them not to and explain to them why. You know now.