Be On Guard Against Spear Phishing

SUMMARY

Cybercriminals use spear phishing to gain access to a company’s network or for financial gain

Spear phishing is most often an email spoofing fraud attempt

The security of a company does not start and end with an IT expert or department

People tend to be busy at work, dealing with customers, in and out of meetings and calls, answering emails, making them susceptible to a rushed error in judgement.

Combine this with people’s potential lack of awareness around cyber threats, and you have the perfect spear phishing victim, who will give a cybercriminal access to the company’s network or confidential information, or may hand over money to the cybercriminal.

Successful spear phishing not only costs a company financially, but can also put sensitive company and customer data at risk, causing reputational damage.

In order to be on guard against spear-phishing, it’s important employees understand what spear phishing is, what it can look like, and what actions they should take if they encounter spear phishing.

What Is Spear Phishing

Spear phishing is most often an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data, or money. The success of spear phishing depends on three things:

  • The apparent source must appear to be a known and trusted individual
  • There is information within the message that supports its validity
  • The request the individual makes seems to have a logical basis.

Spear phishing attempts are not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or information, and who have researched their target to appear knowledgeable and trustworthy.

With spear phishing, the apparent source of the email is likely to be an individual within the company and generally someone in a position of authority. Often, requests are made with a sense of urgency for immediate action.

What Should Employees Look For?

There are a number of clues that employees should look for that can hint an email is spear phishing. Recipients should ask themselves:

  • Did the email come from someone that they would normally expect to receive emails from on the particular subject?
  • Is the style of writing consistent with the sender’s usual style?
  • Does the “tone” of the message seem correct?
  • Is there any sense of urgency/immediateness to the request?
  • Is the request out of the ordinary?
  • Have colleagues received (or reported) similar emails?
  • What does hovering the mouse over the link reveal? It could be a fake link or a suspicious URL shortener.

If anything about the message seems odd, check the patterns in the email header to verify whether the email is genuine. For instance, a message may appear to come from a trusted source, meaning that person’s name appears as the sender, but the email address is wrong.
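The header check described above can be automated. The following is an added example, not part of the original article: it flags a trusted display name paired with the wrong address, and goes slightly further by also flagging a display name that is itself a different address and a Reply-To on another domain. The sender directory, the addresses and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: a directory mapping display names to real addresses.
KNOWN_SENDERS = {"alice chen": "alice.chen@example.com"}

def domain_of(address):
    return address.rpartition("@")[2].lower()

def header_warnings(raw_message):
    """Return the reasons the sender headers of a raw email look inconsistent."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []

    # 1. Trusted name shown as sender, but the address behind it is wrong.
    expected = KNOWN_SENDERS.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        warnings.append(f"name '{name}' normally sends from {expected}, not {addr}")

    # 2. The display name is itself an address that differs from the real one.
    if "@" in name and name.strip().lower() != addr:
        warnings.append(f"display name shows {name} but the address is {addr}")

    # 3. Replies would go to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        warnings.append(
            f"Reply-To domain {domain_of(reply_to)} differs from From domain {domain_of(addr)}"
        )
    return warnings

# Constructed sample messages (not real mail).
GENUINE = (
    "From: Alice Chen <alice.chen@example.com>\n"
    "To: bob@example.com\n"
    "Subject: Q3 report\n\nDraft is on the shared drive.\n"
)
SPOOFED = (
    "From: Alice Chen <alice.chen@examp1e-mail.test>\n"
    "Reply-To: payments@other-domain.test\n"
    "To: bob@example.com\n"
    "Subject: Urgent wire transfer\n\nPlease process this today.\n"
)

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, header_warnings(raw) or "no header inconsistencies")
```

An empty result only means these particular header fields are consistent with each other; it does not prove the message is genuine.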

How To React To A Suspicious Email?

Once a spear-phishing message has been identified, it’s important employees remember to always follow the ground rules: do not open attachments, click email links, or reply. Employees should never, under any circumstances, send passwords or credentials via email.

The email should be immediately reported to the company’s CISO or IT department, and if one does not exist, the email should be reported to the company’s management and deleted. The company’s management should inform the entire company. If one employee receives spear-phishing messages, others within the company could as well.

The security of a company does not start and end with an IT expert or department. Cybercriminals often target the weakest link, making it essential for every employee to be aware of and up to date on the latest threats and tactics cybercriminals use, to help keep the company secure and protected from cyber threats that can have potentially devastating effects.

[The article is authored by Jaya Baloo, CISO at Avast.]

Note: The views and opinions expressed are solely those of the author and do not necessarily reflect the views held by Inc42, its creators or employees. Inc42 is not responsible for the accuracy of any of the information supplied by guest bloggers.
