![Which? Tech Support package](https://media.product.which.co.uk/prod/images/original/f8c07aac92f1-techpanel500px.jpg)
Get Which? Tech Support for £49 a year
Contact our experts for unlimited 1-to-1 support by phone, email or remote fix.
Find out morePersonalised scam messages are much more convincing than generic ones – if a scammer can gather enough information on you, you’re a target.
Spear-phishing is cleverly used by scammers to evade the usual evidence you count on to detect scams.
When non-specific language is replaced with your name, address and date of birth, as well as something distinct, such as where you work or where you went to school, it's much easier to get conned by scam messages.
However, there are ways to scrutinise spear-phishing attempts and detect what's genuine and what isn't. Read our tips below to find out how.
(A version of this article was published in the June 2024 issue of Which? Tech magazine.)
News, deals and stuff the manuals don't tell you. Sign up for our Tech newsletter, it's free monthly
Spear-phishing uses information gathered on us to make scam messages more convincing. Generic emails, texts or messages saying that your bank account information has been compromised are transformed into eye-catching messages filled with your personal details, prompting you to take a second look.
Chris received a call from Piccolino Restaurant in London saying the venue owed her the £30 deposit she supposedly made when booking via OpenTable. Although she did book the restaurant via OpenTable, she didn't recall making a deposit.
The caller went on to tell her she could refund the deposit via a voucher – or reimburse it back to her card. Chris thought it didn’t seem right for a member of staff to take card details over the phone.
After Chris expressed her doubts, the caller's tone noticeably changed and became agitated. ‘It’s up to you if you want the deposit back or not’. Chris repeated her card number and expiry date.
She was still suspicious but the caller reassured her: ‘How would I know that you came into the restaurant at 5pm, left at 6.30pm and were celebrating a 60th birthday?’ This was all correct, and Chris went on to give the three digits at the back of the card.
After finishing the call, Chris descended into a complete panic as she knew something wasn’t right. A few minutes later, she received another scam call purporting to be from her bank.
Luckily, Chris realised this before it was too late, called her bank on a trusted number and cancelled her card.
We contacted the owner of Piccolino Restaurant, Individual Restaurants, and were told: 'One of our restaurants was subject to a phishing scam on 20 August 2023. It was an isolated incident during which a scammer was able to access the database for this specific restaurant, which contains phone numbers and booking details made via OpenTable.
'We responded promptly following notification of the incident and immediate steps were taken to close down access to the database, as well as contact any guests who may have been impacted. Further measures have been implemented internally, in partnership with OpenTable, to prevent future incidents.'
If you’re wondering how a spear-phishing fraudster does their research, think back to that picture of your last holiday which you posted on Facebook or the work history in your LinkedIn profile.
In a survey* where we delved into the social media habits of thousands of people in the UK, we found that on their public Facebook profiles:
This can give a scammer some basic information to address you by name and include your location in a scam message.
Now, a fraudster could call or email you, impersonating a colleague or offering you a job in your field.
This information can allow fraudsters to develop seemingly uncanny messages that know where you are and where you’ve been.
Even if you lock down the information you put out online, you can still be a target. Think of all the websites you visit and the ton of data you give away when you do. While this data isn’t used for nefarious purposes, it can be if fraudsters are able to access it, and once data is breached, criminals can use it to create spear-phishing messages.
If you receive a message or phone call with information that only you would know, think about whether the details are truly exclusive knowledge and ask yourself: ‘Is there any way someone could find this out?’
Find out how to spot and protect yourself from scams
Our survey* found that:
Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.
Sign up for scam alertsEvery online or in-app click on your device takes you through page after page, capturing various data about you and your habits. Everything you type online puts more information about you onto the web.
Here are some methods of protecting yourself from scammers spying on you:
Find out more - 11 things every smartphone owner should do to keep their data safe.
Which? Tech Support can help you keep on top of your home tech. Our experts explain things clearly so that you can resolve issues and feel more confident using your devices. Know someone who will benefit from a Tech Support subscription? Give the gift of a year's worth of expert advice.
Get unlimited 1-2-1 expert support:
You can join Which? Tech Support. Know someone who will benefit from a Tech Support subscription? Give the gift of a year's worth of expert advice.
Contact our experts for unlimited 1-to-1 support by phone, email or remote fix.
Find out moreWe surveyed 2,098 UK adults in January 2024. The results were prepared by public opinion consultancy Deltapoll for Which?