Chumming the Waters

The things you do that attract spear phishers



Because you live a good part of your life online, you’re constantly leaving digital “chum” that can attract spear fishers. These details that you freely share can seem harmless and may include:

  • where you work
  • the schools you attended
  • awards you’ve won
  • your relationship status
  • travel plans

but in the hands of an adept cybercriminal can be turned into a potent spear phishing attack.

Here’s how:

  1. Spear phishers use search engines, social media sites and professional networking platforms to collect information about you. This research can usually be done in a matter of minutes!
  2. Pretending to be someone else, the spear phisher will write a very targeted and convincing email using your information. The email will include a link or attachment that’s infected with malware.
  3. The spear phisher then sends the email. Once you click on the link or download the attachment, the cyberattack begins.

While it’s impossible not to leave digital “chum” about your life online, it is possible to defend yourself from spear fishers by understanding how they work.

spear fishers will always use an emotional hook to pull you in

Whether it’s fear, ambition, pride, a willingness to connect or something else, spear fishers will always use an emotional hook to pull you in. For example, if you post how proud you are to see your child get accepted to your alma mater, a spear phisher may send you a fake email inviting the two of you to an alumni/student even that includes a malicious link to a schedule of events.


Dirty play? Absolutely, but spear phishers are only working with information you willingly provided. The takeaway here is to ask yourself if the information you’re sharing online can in any way be used to target you. If so, you may want to reconsider posting it.


To further protect yourself from spear phishing attacks, keep your guard up when you receive an email that’s pushing all the right emotional buttons—and never click a link or download an attachment until you’re absolutely sure you’re not being spear phished.

For more information about spear phishing, check out our infographic:



Related posts

Leave a Comment