What is Spear Phishing and how to avoid it!

People often believe that email phishing scams are obvious and that falling victim to such occurrences is absurd.

Phishing is the attempt to obtain sensitive information (e.g. passwords and credit card details), usually for malicious purposes, by masquerading as a trustworthy source. The word is a homophone of fishing, a nod to the way bait is used to try to catch a victim.

Although the majority of us would like to believe that we are knowledgeable about this type of scam, the tactics used have rapidly developed, making them more believable.

Have you ever received a generic email from one of your contacts requesting that you open an attachment, click on a link or even transfer funds? Although these may seem like harmless requests, you may have just fallen victim to an email phishing scam.
So what's changed? Spear phishing is believable

Spear phishing by cyber-criminals is a sophisticated process which takes months of planning. The criminal will usually monitor their target for a very long period of time. This gives them a thorough insight into the victim’s communications with contacts and colleagues. They will even try to pick up on distinctive characteristics that might be unique to the victim, such as their tone of voice in emails.
Some examples of phishing:
Imagine your boss emails you asking to transfer a sum of money (which is a normal day-to-day duty within your company) into a bank account. The request has their email signature at the footer, the email address is the same and even their style of writing is normal.
In another instance, a colleague who frequently sends you links to online articles sends you an email. You open it up, the URL looks genuine and the email structure is familiar. Why would this flag up any warning signs? You then click on the link without realising you have just opened the door for the cyber-criminal to gain access to your organisation’s network.

Efforts to deal with the increase of reported phishing incidents include:

  • Regulation
  • User training
  • Public awareness
  • Security procedures

Businesses must have a strong strategy in place to avoid cyber-attacks such as spear phishing.
Here are 3 key points to consider implementing:
1. Put resilient business policies in place
This is a fundamental step for any organisation to incorporate. Businesses must have a serious and up-to-date policy in place for handling this type of email communication.
For example, if an employee is asked to make a bank transfer, there should be a policy document to refer to, which helps to determine the authenticity of such a request and the best procedure for dealing with it.
2. Educate employees
Employees are often not taught enough about the vulnerabilities an organisation may face on a daily basis, so user understanding is essential when it comes to protecting a business from attacks like phishing scams.
Every employee should have training on:

  • Awareness
  • Approaching a situation
  • Observation for suspicious activity

Furthermore, employees should understand the repercussions for the business when an attack of this nature is successful.

3. Advanced email protection
Ensuring you’re covered by an adequate spam filter should prevent you from receiving the email in the first place. Content-based security/spam filter solutions are offered by the top brands and are constantly being updated to protect businesses against spear phishing.
Don’t take the bait
With cyber attacks continuously evolving and becoming more sophisticated, all businesses must ensure that they have an organised and strict strategy in place. This will create a united barrier across the business, its employees and the technology used, helping to prevent you from becoming a victim.
If you’re concerned about spear phishing and how it can impact your business, contact us today to book an appointment with Nexus. We will visit your premises, check over your system and advise how you can protect yourself.
