Cybersecurity: Spear Phishing


Years ago, it was obvious when someone sent you a spam email. If the sender had a picture, it likely would’ve been a supermodel telling you how attractive she finds you on a match.com sorta dating site. Except the language would’ve been something like:

“You are handsome. Thinking of life alone without you makes my tears hurt. Can you send me $500?”

Today, however, the scammers have evolved and have adopted new methods. In this blog, we examine one type: spear phishing.

What is Spear Phishing?

Spear phishing has nothing to do with fish or Phish. Spear phishing is the fraudulent practice of sending emails that appear to come from a “known or trusted” sender to induce the target (you) to reveal (hopefully) confidential information. A typical spear phishing attack includes an email and an attachment. The email contains information specific to the target, including the target’s name and rank within the company.

What is the difference between Spear Phishing and Phishing?

Spear phishing is a specific and targeted attack on one or a select number of victims, while regular phishing attempts to scam masses of people. In spear phishing, scammers often use social media and fraudulent emails to target specific individuals in a business or organization.

In simpler terms, these messages will appear friendly and formal, whether they come through your email, Facebook Messenger, or LinkedIn. They will attempt to convince you they are acting in your and/or your company’s best interest. However, their motives couldn’t be any more malicious.

How to Defend Against Spear Phishing Attacks?

It doesn’t matter what your role in a company is. Whether you’re the CEO, owner, or Junior Sales Executive, attackers can and will choose you as their next spear phishing target just to get the information they seek or information they didn’t even know they wanted. Here are some best practices to defend against spear phishing attacks:

  • Be skeptical of unsolicited messages on social media and unexpected emails, especially those that call for urgency. Always verify with the person involved through different means of communication, such as phone calls or face-to-face conversations.
  • Learn to recognize the basic tactics used in spear phishing emails, such as tax-related fraud, CEO fraud, business email compromise scams, and other social engineering tactics. 
  • Refrain from clicking links or downloading email attachments, especially from unknown sources.
  • Block threats that arrive via email using hosted email security and antispam protection.
  • And whatever the situation, never give out important info (especially financial) to anyone you don’t know.
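
Some of the warning signs in the list above (a trusted colleague's name, urgency, an attachment) can be checked automatically before a message reaches a person. The script below is an added example, not code from JEG Design or from any email product; the company domain, the executive's name, the urgency keywords and the Reply-To check are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example, not taken from the article.
ORG_DOMAIN = "example.com"
TRUSTED_NAMES = {"pat morgan"}  # hypothetical executive likely to be impersonated
URGENCY = ("urgent", "immediately", "asap", "wire", "gift card")

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spear_phish_indicators(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    sender, reply = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    findings = []
    # A trusted colleague's name on an address outside the company domain.
    if name in TRUSTED_NAMES and sender != ORG_DOMAIN:
        findings.append("trusted-name-external-address")
    # Replies routed to a different domain than the one the mail came from.
    if reply and reply != sender:
        findings.append("reply-to-mismatch")
    # Collect subject and plain-text body; note any attached file.
    text, attached = msg.get("Subject", ""), False
    for part in msg.walk():
        if part.get_filename():
            attached = True
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            text += " " + body.decode(part.get_content_charset() or "utf-8", "replace")
    if any(word in text.lower() for word in URGENCY):
        findings.append("urgency")
    if attached:
        findings.append("attachment")
    return findings

# Constructed sample message (not a real email).
SAMPLE = (
    "From: Pat Morgan <pat.morgan@example.net>\n"
    "Reply-To: pat.morgan@example.org\n"
    "To: sam@example.com\n"
    "Subject: Urgent: invoice needs payment\n"
    "\n"
    "Sam, please wire the payment immediately. I am in meetings, do not call.\n"
)

if __name__ == "__main__":
    print(spear_phish_indicators(SAMPLE))
```

A message that trips several of these checks is a candidate for the out-of-band verification recommended in the first bullet, not proof of fraud.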

Conclusion

At JEG DESIGN INC., we pride ourselves on security. While we can’t do anything to help determine whether or not someone is trying to perpetrate fraud against you or your company, we can help you keep your website secure and mitigate spam on your emails. For more info, please email click here for your free consultation.