“Phishing,” a type of cyber attack in which a hacker disguises him- or herself as a trusted source online in order to acquire sensitive information, is a common scam that can put employees and businesses at risk. However, more resourceful criminals are resorting to a modified and more sophisticated technique called “spear phishing,” in which they use personal information to pose as colleagues or other sources specific to individuals or businesses. And, when attacks contain personal information, they are much more difficult to identify as malicious.
For businesses, the potential risk of spear phishing is monumental. The 2015 Internet Security Threat Report released by Symantec Corporation, a company that specializes in security software, states that, globally, 5 out of every 6 large employers were targeted in spear phishing attacks in 2014, and that there was an average of 73 spear phishing email attacks per day.
How to Protect Your Business
Though it is difficult to completely avoid the risk that spear phishing attacks pose, there are ways to prevent further damage to your business. For example:
- Be cautious when you are asked to divulge personal information in an email. Even if it appears to be from a trusted source, it could be a hacker impersonating another person or group.
- Only share personal information on secure websites or over the phone. When in a Web browser, you can ensure a website is secure when you see a lock icon in the URL bar, or when an “s” is present in the “https” of a URL. The “s” stands for “secure” at the end of the normal “http”.
- Some spear phishing schemes use telephone numbers, so be sure to never share information over the phone unless you initiate the call to a trusted number.
- Never click on links or open attachments from unknown sources. Even opening a file that seems familiar can give a spear phishing attacker access to personal information stored on your device.
- Ensure that your company’s security software is up to date. Firewalls and anti-virus software can help protect against spear phishing attacks.
- Encourage employees to think twice about what they post online. Spear phishing hackers often attain personal information through social media sites. Make sure that employees know how to keep this information private to protect their own security as well as that of your business.
Regularly check all online accounts and bank statements to ensure that no one has accessed them without authorization.
© Zywave, Inc. All rights reserved.