What is spear phishing?
Typical bulk email phishing attempts are being replaced by more targeted techniques. Although they require more work and interaction, they are far more profitable.
Spear phishing is a trick to fool victims into thinking they’ve received an email from someone they know and trust. It’s an attempt to get information such as bank details, passwords, sensitive company details or data.
How does spear phishing work?
You will receive an email that appears to be from someone you know, or someone you do business with. The sender often knows details about you or your business, so it gives the email a genuine look.
In reality, it’s from a cybercriminal who has designed this email specifically for you. To do this, they personalise the message by using social engineering techniques such as trawling contact pages on company websites.
This ‘trawling’ is to identify key employees, such as a network administrator or company director, who could reasonably request confidential information or bank transfers.
These emails tend to request immediate action, which is designed to rush you so that you don’t have time to think.
On other occasions, the objective of the cybercriminal could be extortion. A spear phishing email may try to fool you into installing ransomware – a type of malware (malicious software) designed to infect a computer and restrict access to it until a ransom is paid.
How do you protect yourself and your team?
Due to the effort that has gone into each individual email, traditional security tools (such as spam filters and virus scanners) find them difficult to stop.
The best way to avoid a spear phishing attack is to train staff – especially those most in danger of being targeted, such as those responsible for finances – to spot suspicious emails and be aware of the latest eSafety advice.
New algorithms are introduced regularly to detect the latest scams, so be sure to keep your operating system, spam filters and anti-virus products up-to-date.
Top tips for preventing spear phishing attacks
1 – Check any unusual payment requests in person
2 – Document an internal process for authorising payments
3 – Question any unexpected requests for urgent action
4 – Re-read any emails and compare the style of language with other emails from the same person
5 – Be aware of emails that ask for credit or debit card numbers, your full name, driving licence numbers, postal address or email addresses
6 – Check for poor spelling and grammar
Itek provides IT solutions for your entire IT infrastructure. Your business can experience a cost-effective service at a predictable fixed rate, removing the burden from you and your team and freeing you to focus on your goals.