Spear phishing, or malicious emails targeted at specific industries, businesses, or individuals, is a top security concern among many American business owners. The average cost to a US business that is successfully attacked by a spear phishing campaign is $1.8 million, and many security firms and solutions providers say these highly targeted email pushes are responsible for a great majority of security incidents. But why is this? Why are individuals so easily swayed to drop security protocols because of a simple message?
This level of temptation is induced by the targeted nature of the attack. If the attacker’s techniques are sophisticated, the email nearly forces an individual to click a link or download an attachment within the message. This form of cyber threat uses manipulative tactics to wrongfully take login credentials or to install malware on a victim’s workstation to access mission-critical data and private information. Because the content inside these emails is very specific to the victim, it’s more believable and, oftentimes, the credibility of the message isn’t even considered.
To security companies, spear phishing is a huge concern because it exploits the vulnerabilities in people as opposed to the vulnerabilities in technology. This means that if a malicious email gets past their spam filters (which does happen), then the security of their client’s data is out of their hands. At this point, the company’s only defense is their staff members. Are you and your coworkers able to detect and avoid these highly sophisticated and targeted emails? Let’s hope so.
Here are a few quick tips, in the form of questions, to help you better detect and avoid spear phishing:
Who is the sender?
Do you know this individual personally? If it’s from a well-known company, is the company name, logo, and contact information represented correctly?
What is the email asking you to do?
Do companies normally ask people to do this type of action over the internet or through email communication? For example: Your bank is asking you to update your login credentials. In your experience, an update would be requested when you’re on the website attempting to log in, and it wouldn’t normally be requested through email. So, to verify this type of email, you can exit out of the email and visit the website manually by typing the known URL into the address bar (not the URL provided in the link), or you can call the company (with contact information provided on their website, not in the email) and verify the request with a representative.
Is there an attachment?
If so, do you know who the sender is personally? If not, what is the intent of the download and why is it absolutely necessary for you to download it? Never download an attachment from an unknown source without first verifying the sender. For example: Jane Doe from XYZ Company sends you an email with an attachment. You currently do business with this company, and she references your position and is aware of your job duties (making the email appear legitimate and targeted). However, you don’t know who Jane Doe is, and you’re not sure why she’d be contacting you (making the email “phishy”). To verify the sender, call XYZ Company with the contact information you have (not the information she supplied you with) and ask to speak directly with Jane Doe. If no one there knows of a Jane Doe, then you should immediately delete the email and notify your security provider. If she answers and explains the intent of the email, then you can (most likely) safely open the email.
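The three questions above can be partly automated as a pre-screen before a person decides what to do. The following Python code is an added example, not part of the original article; `KNOWN_DOMAINS`, the function names, and the sample message built by `sample()` are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_DOMAINS = {"xyzcompany.example"}  # assumption: from your own records, not the email
class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False

def host_of(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def trusted(host):
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)

def triage(msg):  # returns reasons to verify this message out of band
    sender_ok = trusted(parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower())
    flags = [] if sender_ok else ["sender domain not in known contacts"]
    for part in msg.walk():
        if part.get_filename() and not sender_ok:
            flags.append("attachment from unverified sender")
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                text = text.strip()
                if not trusted(host_of(href)):
                    flags.append("link leaves known domain")
                # Visible text that looks like a hostname but points somewhere else.
                if "." in text and " " not in text and host_of(text) != host_of(href):
                    flags.append("link text names a different site than its target")
    return flags

def sample(sender, href, text):  # constructed message; names and domains are made up
    m = EmailMessage()
    m["From"] = f"Jane Doe <{sender}>"
    m.set_content(f'<a href="{href}">{text}</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="zip", filename="invoice.zip")
    return m
```

An empty result does not prove a message is genuine, since a From address can be forged; the phone verification described above still applies.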
If you want to learn more about how to deal with cyber threats, click this link: https://stsarizona.com/services/email-spam-protection/