What is spear phishing?

Security_Feb17_COne of the most common threats to business and individual systems is phishing. This form of hacking is well known and many users have educated themselves on the more traditional methods used by hackers. This has forced hackers to come up with different phishing techniques, and one of the methods that is causing problems is spear phishing.

What is spear phishing?

Spear phishing is a specialized type of phishing that instead of targeting a mass number of users, as normal phishing attempts, targets specific individuals or groups of individuals with a commonality e.g., an office.

Generally a hacker will first pick a target and then try to learn more about the related people. This could include visiting a website to see what a company does, who they work with, and even the staff. Or they could try hacking a server in order to get information.

Once they have some sort of information, usually a name, position, address, and even information on subscriptions, the hacker will develop an email that looks similar to one that another organization might send e.g., a bank. Some hackers have been known to create fake email accounts and pose as a victim’s friend, sending emails from a fake account.

These emails are often similar to official correspondence and will always use personal information such as addressing the email to you directly instead of the usual ‘dear sir or madam’. The majority of these emails will request some sort of information or talk about an urgent problem.

Somewhere in the email will be a link to the sender’s website which will look almost exactly like the real thing. The site will usually ask you to input personal information e.g., an account number, name, address, or even passwords. If you went ahead and followed this request then this information would be captured by the hacker.

What happens if you are speared?

From previous attack cases and reports, the majority of spear phishing attacks are finance related, in that the hacker wants to gain access to a bank account or credit card. Other cases include hackers posing as help desk agents looking to gain access to business systems.

Should someone fall for this tactic, they will often see personal information captured and accounts drained or even their whole identity stolen. Some spear phishing attacks aren’t after your identity or money, instead clicking on the link in the email will install malicious software onto a user’s system.

We are actually seeing spear phishing being used increasingly by hackers as a method to gain access to business systems. In other words, spear phishing has become a great way for people to steal trade secrets or sensitive business data.

How do I avoid phishing?

Like most other types of phishing related emails, spear phishing attempts can be easy to block. Here are five tips on how you can avoid falling victim to them.

  • Know the basic rule of business communication - There are many basic rules of communication, but the most important one you should be aware of is that the majority of large organizations, like banks, social media platforms, etc., will not send you emails requesting personal information. If you receive an email from say PayPal asking you to click a link to verify your personal information and password, it’s fake and you should delete it.
  • Look carefully at all emails - Many spear phishing emails originate in countries where English is not the main language. There will likely be a spelling mistake or odd wording in the emails, or even the sender’s email address. You should look out for this, and if you spot errors then delete the email immediately.
  • Verify before you click - Some emails do have links in them, you can’t avoid this. That being said, it is never a good idea to click on these without being sure. If you are unsure, phone the sender and ask. Should the email have a phone number, don’t call it. Instead look for a number on a website or previous physical correspondence.
  • Never give personal information out over email - To many this is just plain common sense – you wouldn’t give your personal information out to anyone on the street, so why give it out to anyone online? If the sender requires personal information try calling them or even going into their business to provide it.
  • Share only essential information - When signing up for new accounts online, there are fields that are required and others that are optional. Only share required information. This limits how much a hacker can get access to, and could actually tip you off. e.g., they send you an email addressed to Betty D, when your last name is Doe.
  • Keep your eyes out for the latest scams - Pay attention to security websites like those run by the major antivirus providers, or contact us. These sites all have blogs where they post the latest in security threats and more, and keeping up-to-date can go a long way in helping you to spot threats.

If you are looking to learn more about spear phishing or any other type of malware and security threat, get in touch.



7 Tips to successful blogging!

BusinessValue_Mar03_CBusiness owners and managers are often looking for ways to connect with their customers, drive value and build brands. The difficulty is that there’s no easy solution to achieve this. Many business have a website and social media profile but find these are often not enough to drive relationships and business forward. Another element you might want to try, that can help drive business connections, is blogging.

Read more...



DRP: Save your business from disaster

BCP_Feb17_CDisaster recovery features have become a vital aspect for small to medium businesses. With systems and networks becoming more complex, there are many things that can go wrong. It’s for this reason that a business needs to have a DRP, or Disaster Recovery Plan. These plans are a good way of protecting your business from unforeseen calamities that could disrupt your business process.

Read more...



Getting help for your Office issues

Office_Feb24_CMicrosoft Office might not be the program that is top of mind with users these days, but you cannot deny the legendary success it has seen over the past 20 years. Moreover, the platform is still one of the most sought-after enterprise software products in the market. It is deemed to be Microsoft’s main revenue generator, as it is used by almost all companies globally. That being said, there may come a time when you need help with an Office program.

Read more...



Define: Hosted Exchange

Windows_Feb10_CThere are a number of important pieces of technology that businesses rely on in order to be able to operate. One of the most crucial being the server, which hosts the majority of most business programs. Many businesses rely on at least one server to host their email platform, which is most likely Microsoft Exchange. But some don’t have room for a server, or would like another option, and with Hosted Exchange they have it.

Read more...



cartoon