At work - spear phishing risks
One of the most sophisticated types of phishing attacks is called spear phishing. This is when a hacker will target a specific group or organization and will tailor their attacks to make them look relevant to the recipient. When receiving emails, users should look at the following:
- Do you know the sender, and is the email address one you would expect them to use? An email purporting to be from your CEO, but sent from a Gmail account, should always ring alarm bells.
- Are you expecting a message from the person? Does the email look suspicious? Does the link look genuine?
- The content of the email can be a giveaway. One of the most basic reasons that phishing attacks work is that they prey on a user’s emotional response – fear, curiosity or reward, and emails that evoke strong emotions such as these should be considered triggers.
- Is the email specific? Does it make sense? Although criminals have a lot of information about individuals they will still keep messages generic to pique your interest, and make you take action.
- And of course, while grammar has improved in recent years, mistakes are often an indicator that all is not as it seems.
Phishing is one of the most common attack methods for cyber-criminals, however an effective training program and user awareness will minimize the risk of employees falling victim. Once employees know what to look for they will be able to quickly identify any potential phishing emails and report them before any damage is done.