BrightCyber Blog

Spear Phishing: A One-Minute Guide

Cyber security and cyber-attacks have been making news at an alarming rate. Businesses, both large and small, are being attacked more and more frequently. One of the most effective ways that a scammer can get into a system is through a spear phishing attack. Though many people have heard the term “Phishing”, “Spear Phishing” is more targeted at its intended victim and is a threat that needs to be addressed.

What is Spear Phishing?

Spear Phishing is when an attacker investigates their target and crafts an email that appears to be from a legitimate sender that the target works with or knows. The goal is to put the target’s mind at ease so that they will fulfill whatever request the attacker makes.

The email or request will include personalized information such as:

• Your Name
• Your Company
• Your Email
• A Colleague
• Your Bank
• Companies that you do business with
• Any other Pertinent Information

What is the Difference between Spear Phishing and General Phishing?

The major difference between Spear Phishing and general Phishing is that with Spear Phishing, the attacker is targeting a particular person by using information they have gathered about that person. With general Phishing, the attack may or may not be targeted and is typically sent out to multiple people with the hope that one engages. There is no discerning factor to these emails.

Think of the difference as if you were actually fishing out on the ocean or on a lake. With a harpoon, you can target a particular fish and go after that fish alone. This is how spear phishing works: the attacker is targeting a particular person with their spear phishing attempt. Now, if you went out with a net, you would catch everything that swam into it. There is no rhyme or reason to what gets trapped; anything and everything is a possible victim. General phishing is similar because it does not target a particular person or organization. It is looking for whoever or whatever will engage with the attack.

How to avoid falling victim to a Spear Phishing attack:

Since spear phishing is more targeted, it is more difficult to catch. People are naturally inclined to complete a task if it seems legitimate. So, how can an employee or business owner recognize a spear phishing attempt?

1. Pay attention to all details in a request

It is easy to go on autopilot when responding to emails at work. So, when an email comes in from a name that is recognized, like the owner of a company, it is second nature to fulfill the request or do whatever is being asked. Pay attention to the little details of the email, such as the email address it was sent from or the dates and times listed. These are clues to how legitimate the email is.

2. Ask questions!

If a request seems out of the norm, such as sending iTunes gift cards to ‘X’ person, then it is best to get in direct contact with the person requesting the item. Instead of replying directly to the email, call the person who is supposedly making the request. The phone call takes email out of the equation and allows the employee to get a straight, legitimate answer.

3. Empower your team!

By empowering your team, you are giving employees room to use critical thinking skills and will open lines of communication. An empowered team will have no issue getting in contact with you if there is a seemingly illegitimate request.
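
To illustrate tip 1, the following Python example (added here, not part of the original post) checks the two sender details that most often give a spear phishing email away: a recognized name paired with the wrong address, and replies routed to a different domain. The names, addresses, `KNOWN_SENDERS` directory and `sender_warnings` function are all constructed for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: names staff recognize, mapped to their real address.
KNOWN_SENDERS = {
    "dana whitfield": "dana.whitfield@example-corp.test",
}

def sender_warnings(raw_email: str) -> list[str]:
    """Return the reasons the sender details of a message deserve a second look."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()
    warnings = []

    # A familiar display name proves nothing: compare the actual address.
    expected = KNOWN_SENDERS.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        warnings.append(f"name '{name}' is known, but address {addr} is not {expected}")

    # Replies silently routed to another domain are a second clue.
    if reply_to and reply_to.rpartition("@")[2] != addr.rpartition("@")[2]:
        warnings.append(f"replies go to {reply_to}, a different domain than {addr}")
    return warnings

# Constructed sample messages (look-alike domain uses the digit 1 for the letter l).
SPOOFED = """\
From: "Dana Whitfield" <dana.whitfield@examp1e-corp.test>
Reply-To: dana.whitfield.ceo@mailbox.test
To: accounts@example-corp.test
Subject: Quick favor - gift cards needed today

Are you at your desk?
"""

GENUINE = """\
From: Dana Whitfield <dana.whitfield@example-corp.test>
To: accounts@example-corp.test
Subject: Q3 budget review

Agenda attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_warnings(raw) or "no sender warnings")
```

A check like this only surfaces clues. A message that passes it can still be fraudulent, so the phone call in tip 2 remains the confirmation step.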


The world of technology is constantly evolving. Though it has made businesses run smoother, it is a bit of a double-edged sword. With the rise in technology, cyber-crime rises as well. Being aware of threats is the first step to preventing them. By using the tips above, businesses will be able to prevent spear phishing attempts.

