Fishing remains a top U.S. pastime. Sadly, another kind of “phishing” has become popular, too.
Phishing is a type of cyber attack in which hackers disguise themselves as trusted sources online in order to acquire sensitive information. It is a common and simple scam that can put you, your employees and your business at risk. Worse yet, more resourceful criminals are resorting to a modified and more sophisticated technique called “spear phishing” in which they use personal information to pose as colleagues or other sources specific to individuals or businesses.
Have you ever received an email that almost convinced you to urgently help a friend or coworker in need? A spear phishing attack is often disguised as a message from a close friend or business partner and is more convincing than a normal phishing attempt; when messages contain personal information, they are much more difficult to identify as malicious.
The attacks are on the rise. In fact, in a report released by the Internet Crime Complaint Center, it’s stated that there were over 120,000 cyber crime-related complaints against businesses last year, resulting in over $800 million lost.
We don’t want this to be you!
Though it’s difficult to completely avoid the risk that spear phishing attacks pose, there are ways to prevent further damage to your business. Make sure your employees are aware of these simple techniques:
- Never send financial or personal information electronically, even if you know the recipient well. It may be possible for a third party to intercept this information, especially if the recipient is later subject to a spear phishing attack.
- Be cautious when you are asked to divulge personal information in an email. Even if it appears to be from a trusted source, it could be a hacker impersonating another person or group.
- Only share personal information on secure websites or over the phone. When in a Web browser, you can ensure a website is secure when you see a lock icon in the URL bar, or when an “s” is present in the “https” of a URL. The “s” stands for “secure” at the end of the normal “http”.
- Some spear-phishing schemes use telephone numbers, so be sure to never share information over the phone unless you initiate the call to a trusted number.
- Encourage employees to think twice about what they post online. Spear phishing hackers often attain personal information through social media sites. Make sure that employees know how to keep this information private to protect their own security as well as that of your business.
- Regularly check all online accounts and bank statements to ensure that no one has accessed them without authorization.
- Never enter any personal or financial information into a pop-up window or a Web browser. Never click on links or open attachments from unknown sources. Even opening a file that seems familiar can give a spear phishing attacker access to personal information stored on your device.
- Ensure that your company’s security software is up to date. Firewalls and anti-virus software can help protect against spear phishing attacks.
For a printable version of our spear phishing prevention tips, click here.