We work to make vulnerable clients resilient as it pertains to their cyber vulnerabilities. An often overlooked aspect of cybersecurity is actually not digital— it’s human. As a result, we place a great deal of emphasis on training employees with proactive measures to protect companies against threats. These threats include spear phishing, a growing method hackers use to target specific victims to steal data. Since phishing of any kind can be extremely destructive, the necessity to educate everyone on this matter is drastically increasing. Understanding what it is, how it works, and how to protect you and/or your business is crucial.
What is Phishing? Phishing is when a cybercriminal (phisherman) poses as a legitimate institution to lure individuals into providing sensitive data. Emails arrive from accounts that appear to be familiar (Facebook, Instagram, Gmail or other email accounts, banks, etc) when in reality, they are from a hacker who has their sights set on gaining access to their accounts or other sensitive data. This leads to the recipient giving out information or interacting with links that give the hacker access to their device.
What is Spear Phishing? While phishing is a broad attack, spear phishing is a targeted attack- think emails addressed directly to you as opposed to a general email. These targeted attacks are usually a one-off email that is well thought out, orchestrated, and, as we said, specific to you. The phisherman will know what particular piece of data or application he is trying to access and will craft an email for a particular person or department at your company that has access to that data.
What are red flags that indicate an attack is being attempted? The ability to identify phishing emails is essential and could save millions of dollars and many jobs. First and foremost, never share personal or financial information over the internet without knowing both the source and the network you are sharing it with is secure. Always carefully review the email address that the email is from to ensure it is legitimate. For example, a normal email might come from email@example.com but a spear phishing email could be sent from firstname.lastname@example.org– do you see the slight difference? Something as simple as a swap of letters can indicate that you are being phished. Another red flag could be a logo that is slightly altered or contains misspelled words or an email with poor grammar. An email could also contain a link that leads you to a website that is a replica of the one you intended to go to but is unsecured to enticing the release of passwords and usernames. Always remember that secure websites always start with https:// and always confirm the URL/web address of the website before you enter any information. Use these tools to help identify and deter phishing emails.
Spear phishing and other new threats are constantly evolving and require an adaptive solution. If you need help establishing a strong cybersecurity environment, find a qualified provider who can develop a program that works for your business and will help keep you and your employees safe.
TLDR: As technology advances, cybercriminals are becoming more clever with their attacks. Even as cybersecurity progresses, one of the most valuable investments is educating and training your employees.