What is Spear Phishing and How To Avoid It | Fraser Valley IT Support
We are sure that you are already familiar with phishing. After all, it is everywhere these days, from the good old-fashioned Nigerian prince email all the way through to the CRA phone scam (also known as voice phishing or vishing). These scammers cast as wide a net as they can and wait to see if anyone bites. However, there is another, more complex level of phishing that you may not have heard of, called spear phishing. We’re going to talk about what it is and how you can fight it.
Spear phishing is different in that it targets a specific person. The target is usually someone in a large company with access to valuable data or finances. Before making contact, the scammer takes the time to research the intended victim, mostly online through social media accounts etc.
Using the personal information they have gathered, they then contact the intended victim. But these guys are the next level of scammers. They are smart! So they make their email look as personal and legitimate as they can.
It may be an application for a job that they know the company is recruiting for, or a faked email from a friend claiming to have a link to a new menu from a favourite restaurant. Of course, the link or document will be infected with malware. Once it is clicked, the hacker either gains access to company data or plants a crypto-locker virus for ransom.
Most spear phishing is aimed at mid-tier employees. However, there are a few brave spear-phishers who will sometimes target someone at the top of the company tree… someone like a CEO, CFO or senior manager. When this happens, it is called whaling.
So, how can you fight spear phishing?
Education is a key one here. Making employees aware that this can happen will go a long way! Advise them to keep their social media content as private as possible (after all, that is as much for their own personal benefit as yours!).
Make sure all employees know what to look for in fake emails, such as poor spelling and grammar, and that they check link addresses before clicking them by hovering the mouse pointer over the link to see a pop-up box showing the address. If you get a link claiming to be from a certain bank or company, open a browser window, go to the bank or company website directly, and compare its actual address to the one you see in the email.
Limit data to the people who need it. If you keep data on shared drives, make sure sensitive data is housed on separate drives (e.g. a drive for Accounting only, a drive for customer lists only, etc.) and only give people access to the areas/drives they need to work.
Keep all software, anti-virus programs and firewalls up-to-date.
Back up, back up, back up!! Back up your data well and back up often!!
Want to learn more about how to fight spear phishing? Contact our team!