How to Avoid Spear Phishing Attacks
Spear phishing is one of the most malicious, targeted attack schemes you’ll come across on the internet. If you have any internet presence at a company, or hold a position where you have access to money, scammers will attempt to socially engineer you into giving them otherwise secure information. A single successful spear phishing attack at a moderately successful business is estimated to cost approximately $300,000.
Most often, this type of attack will come in the form of an email that appears to be from one of your bosses or peers at your workplace. It will ask you to log into a sensitive account or ask you to download and open a file to edit. But if you closely examine the sender’s address, you’ll find that the message is not from the person it claims to be from. In fact, it’s from a false email address engineered to look like your boss’s account. So how do you deal with these types of targeted attacks? Here, we’ll go over some methods to stay vigilant and decrease the potential ramifications of these events.
1. Check Before You Click
When you read an email that has an external URL link, don’t click on it right away, even if your first urge is to do just that. Before you click on the link, take a moment to step back and look at the email objectively. Has the sender mentioned they were going to send you a link to a document recently? Have you talked with your boss about a specific task that he or she is now emailing you about? In any case, take a closer look at the link or document type contained within the email.
If there’s a link in the email, hover over it or paste it into a link-checking website or software. A link contained within a spear phishing attempt may take you to a sham website, engineered to look like the website you’re supposed to go to but hosted at an unfamiliar URL. If the link is masked behind a link shortener, the link-checking website will tell you what the actual URL of the website is.
2. Don’t Connect Social Media and Work
Spear phishers will constantly scan social media to find employees at different companies. Your personal Facebook, Instagram, or even Twitter could be a source for these scammers to mine for data. If you post about an interaction with your boss, then a scammer may be able to get enough information to craft an email that appears to come from that boss. Since you’ve interacted with the real person recently, you’ll be more inclined to respond or interact with the email, an action that is exactly what the scammer is looking for. Other things that aren’t great to post are your coworkers’ names, your work email, and your work phone number. By minimizing the information you post about your workplace, you reduce the likelihood of a phishing attack actually working.
3. Talk To the Sender
Talking to the alleged sender of an email is by far the most effective method of dealing with spear phishing. Since these attacks primarily rely on you interacting with an email that appears to come from your boss or from a peer, simply finding the sender and asking if he or she sent the email is a quick way to ensure that it’s legitimate. It’s also a quick way of finding out if spear phishing campaigns are occurring at your company in general, which in turn can help your company’s IT department increase email security before any monetary loss occurs. If you can’t get face-to-face contact with the sender (a common occurrence when the sender is not an employee, but a service that you and your company use), you can always call their customer support directly and leave a voicemail.
Spear phishing campaigns are scary for employees and for companies, as a single successful attack could lead to huge financial losses. Staying alert is absolutely critical, and understanding exactly how these attacks work is essential for safety. These simple tips will help you mitigate the vast majority of potential attacks, ensuring that you don’t accidentally let sensitive information get into the hands of malicious actors.