If phishing is a large fishing trawler heaving out a net and hoping to catch…something, spear phishing is an experienced diver, homing in on an individual target. Spear phishing is a targeted phishing attack that uses social engineering techniques in a highly personalised way.
While spear phishing attacks often arrive via email, cybercriminals are now also using text messages, social media, instant messaging or phone calls. Attackers first research their targets via sites such as Facebook and LinkedIn. They then use the specific information gleaned to create legitimate-looking requests for the user to provide information, to click a link, or even to send money or purchase gift cards. Because of the personalised nature of these messages, people often let their guard down and don’t think twice before clicking a link or downloading an attachment. Which can, of course, lead to serious consequences, including personal data theft, the accessing of financial accounts or a malware infection.
Possible spear-phishing-attempt red flags
- An unusual sense of urgency, often attempting to panic the recipient.
- Links, email addresses or domains that don’t match or that contain irregularities – although anomalies in these areas are more sophisticated than they once were and have become harder to spot. Myfaveshirtshop.com may become Myfaveshirt.com, for instance. Easy to miss if you’re in a hurry!
- Spelling or grammar mistakes – again, targeted phishing campaigns are becoming increasingly sophisticated, but scammers do still make mistakes!
- Messages that include unsolicited attachments or that ask you to share personal, financial or account login information. Massive red flag!
Tips for avoiding spear-phishing scams
To avoid becoming a spear-phishing victim, it pays to think with your head, not your adrenaline! Scammers often try to get victims to act before they really have time to think things through. If something is really so urgent that it must happen NOW, is it really legitimate?
Reminder: Take a step back. Don’t react emotionally. Inspect communications objectively. Always be a little bit suspicious!
Get a second opinion
Asking a colleague or a member of your business’ IT team not only runs a second eye over the message in question, but it also stops you from reacting straight away.
Ensure that cybersecurity solutions, VPNs, remote services and multifactor authentication (MFA) options are up to date, fully patched and properly configured and integrated. You can also block threats that arrive via email using hosted email security and anti spam protection.
Spear phishing prevention with Geelong Technology Group
When it comes to phishing attacks, one of the best methods of prevention is education. Security awareness training that includes learning to recognise the basic tactics used by cybercriminals is an integral component of overall cybersecurity.
Did you know that 91% of cyber breaches start with a phishing attack?
Geelong Technology Group offers complete security awareness training solutions for small businesses, with an industry-leading phishing simulator. From device security to advice on remote working to engaging online training that will increase employee compliance and drastically reduce the likelihood of human error, we’re here to help.
Start reducing your human cyber risk and get started today with our online demo or drop us a line to find out more:
Geelong Technology Group: providing services and local support to businesses in Geelong, Ocean Grove, Barwon Heads, Torquay, Bellarine Peninsula, Surf Coast, Golden Plains, Colac, Warrnambool and beyond.