What is spear phishing?

Feb 21, 2014 | General Interest, Mobility, Networks, Security

One of the most common threats to business and individual systems is phishing. This form of hacking is well known and many users have educated themselves on the more traditional methods used by hackers. This has forced hackers to come up with different phishing techniques, and one of the methods that is causing problems is spear phishing.

What is spear phishing?
Spear phishing is a specialized type of phishing that instead of targeting a mass number of users, as normal phishing attempts, targets specific individuals or groups of individuals with a commonality e.g., an office.

Generally a hacker will first pick a target and then try to learn more about the related people. This could include visiting a website to see what a company does, who they work with, and even the staff. Or they could try hacking a server in order to get information.

Once they have some sort of information, usually a name, position, address, and even information on subscriptions, the hacker will develop an email that looks similar to one that another organization might send e.g., a bank. Some hackers have been known to create fake email accounts and pose as a victim’s friend, sending emails from a fake account.

These emails are often similar to official correspondence and will always use personal information such as addressing the email to you directly instead of the usual ‘dear sir or madam’. The majority of these emails will request some sort of information or talk about an urgent problem.

Somewhere in the email will be a link to the sender’s website which will look almost exactly like the real thing. The site will usually ask you to input personal information e.g., an account number, name, address, or even passwords. If you went ahead and followed this request then this information would be captured by the hacker.

What happens if you are speared?
From previous attack cases and reports, the majority of spear phishing attacks are finance related, in that the hacker wants to gain access to a bank account or credit card. Other cases include hackers posing as help desk agents looking to gain access to business systems.

Should someone fall for this tactic, they will often see personal information captured and accounts drained or even their whole identity stolen. Some spear phishing attacks aren’t after your identity or money, instead clicking on the link in the email will install malicious software onto a user’s system.

We are actually seeing spear phishing being used increasingly by hackers as a method to gain access to business systems. In other words, spear phishing has become a great way for people to steal trade secrets or sensitive business data.

How do I avoid phishing?
Like most other types of phishing related emails, spear phishing attempts can be easy to block. Here are five tips on how you can avoid falling victim to them.

[list style=”bullet”][li]Know the basic rule of business communication – There are many basic rules of communication, but the most important one you should be aware of is that the majority of large organizations, like banks, social media platforms, etc., will not send you emails requesting personal information. If you receive an email from say PayPal asking you to click a link to verify your personal information and password, it’s fake and you should delete it.[/li][li]Look carefully at all emails – Many spear phishing emails originate in countries where English is not the main language. There will likely be a spelling mistake or odd wording in the emails, or even the sender’s email address. You should look out for this, and if you spot errors then delete the email immediately.[/li][li]Verify before you click – Some emails do have links in them, you can’t avoid this. That being said, it is never a good idea to click on these without being sure. If you are unsure, phone the sender and ask. Should the email have a phone number, don’t call it. Instead look for a number on a website or previous physical correspondence.[/li][li]Never give personal information out over email – To many this is just plain common sense – you wouldn’t give your personal information out to anyone on the street, so why give it out to anyone online? If the sender requires personal information try calling them or even going into their business to provide it.[/li][li]Share only essential information – When signing up for new accounts online, there are fields that are required and others that are optional. Only share required information. This limits how much a hacker can get access to, and could actually tip you off. e.g., they send you an email addressed to Betty D, when your last name is Doe.[/li][li]Keep your eyes out for the latest scams – Pay attention to security websites like those run by the major antivirus providers, or contact us. These sites all have blogs where they post the latest in security threats and more, and keeping up-to-date can go a long way in helping you to spot threats.[/li][/list]

<p>&nbsp;</p>

If you feel that your company is a victim of spear phishing or any other type of malware and security threat, get in touch and let’s make sure that your security is up-to-date and that security policies are in place to help avoid these issues in the future.

Truth-About-Data-Breaches

Recent Posts

Cloud Use Cases for Small and Growing Businesses

Cloud Use Cases for Small and Growing Businesses

As you may have heard, the cloud is a network of remote servers hosted on the Internet. But for businesses the world over, the cloud represents the next step in technological evolution. The cloud unlocks speed, flexibility, scale, and cost savings that businesses of...

2023 Cybersecurity Trends for Small Business

2023 Cybersecurity Trends for Small Business

The threat of cybercrime continues to grow each year, and small businesses are particularly vulnerable. The latest cybersecurity trends indicate that organizations of all sizes must remain vigilant in order to protect their valuable data.  In this article, we'll cover...

Security in a Co-Managed IT Environment

Security in a Co-Managed IT Environment

Security in a co-managed IT environment looks a little different than in a traditional environment. Don’t be alarmed. When leveraging a partner to co-manage your environment, you’ll actually have better, more robust security in most cases than if you were to manage...

Five Signs you Need Better IT Support

Five Signs you Need Better IT Support

IT systems can make or break any business. They provide an avenue for communication and collaboration, help with organizational efficiency, and drive improved customer service. Without proper IT support, businesses are often left in despair and experience hindering...

Co-Managed IT Services for Financial Services

Co-Managed IT Services for Financial Services

Financial services companies are faced with the challenge of keeping up with technology because they cannot sacrifice data security or compliance. As a result, more organizations are turning to co-managed IT services as an option that provides a balance between cost...

Co-Managed IT Services for Oil and Gas

Co-Managed IT Services for Oil and Gas

The Oil and Gas industry is an ever-evolving sector that operates in a highly competitive global market. Companies must stay ahead of the competition to remain profitable, which means keeping up with the latest technologies and trends. One way to do this is with...