At work - spear phishing risks
One of the most sophisticated types of phishing attacks is called spear phishing. This is when a hacker will target a specific group or organization and will tailor their attacks to make them look relevant to the recipient. When receiving emails, users should look at the following:
- Do you know the sender, and is the email address one you would expect them to use? An email purporting to be from your CEO, but sent from a Gmail account, should always ring alarm bells.
- Are you expecting a message from the person? Does the email look suspicious? Does the link look genuine?
- The content of the email can be a giveaway. One of the most basic reasons that phishing attacks work is that they prey on a user’s emotional response – fear, curiosity or reward, and emails that evoke strong emotions such as these should be considered triggers.
- Is the email specific? Does it make sense? Although criminals have a lot of information about individuals they will still keep messages generic to pique your interest, and make you take action.
- And of course, while grammar has improved in recent years, mistakes are often an indicator that all is not as it seems.
One of the best defensive actions is to scrub the internet of the personally identifiable information that cyber criminals can use to mount such attacks.
Here are three ways to do so:
- Google your executives regularly. Find out what the attackers will learn when they search. What information, from addresses and charity causes to other interests, can criminals use to dupe others?
- Have your executives opt out of people-search sites. This can be an arduous and confusing process, but it’s an important one to take. Data is the most valuable stock that is being traded online every second. How to opt-out of people search sites
- Have your executives (and their families) lock down their social media privacy settings. This can help reduce the digital breadcrumbs that attackers use to sniff out the most personal details. How to lock down social media privacy settings