Spear-phishing attacks are thought to be one of the most popular vectors amongst threat actors due to their regular success. In fact, a study by Proofpoint found that around 88% of organisations are hit by spear-phishing attacks each year, suggesting many businesses are targeted every day.
What is spear-phishing?
Spear-phishing is a form of phishing but a much more targeted style of attack. Both use social engineering techniques to encourage their victims to hand over personal confidential information or click on dangerous links via email, SMS or even over the phone (known as vishing). The information they gather can then be used for malicious acts such as account access, impersonation, or the spread of malicious software.
50% of phishing links are clicked within an hour of being sent
However, whilst phishing is a generic attack sent to the masses in the hope that a number are caught (imagine a net being cast), spear-phishing targets an individual and is a much more personal form of attack. It’s this personal touch that makes spear-phishing harder to detect and therefore more successful for cyber criminals.
6 tips to avoid spear-phishing
#1. Be careful how much personal information you share on social media
By simply including your date of birth on your profile, posting a photo of your Christmas wreath on your front door complete with address plate in view, and taking part in a fun quiz that takes the name of your pet to be your festive elf name… you could be giving a hacker the answers to the most common security questions anyone is ever asked.
#2. Be smart with your passwords
Whether business-related or personal, make your passwords unique and never reuse the same one across multiple accounts. Password managers are a great way to achieve this. And for your personal accounts, many browsers and smartphones now offer unique password generation and management every time you set up a new account, so take full advantage of this feature.
#3. Keep all your software up to date
As inconvenient as it may seem, don’t ignore your PC’s cries for updates. Most updates include security patches which are essential for sealing vulnerabilities. This goes for your smartphone too.
#4. Avoid links
Phishing links are becoming more sophisticated and harder to spot. Our advice is to avoid them completely. If you receive an email or text from a seemingly known organisation (such as your bank) asking you to log into your account, simply go direct to their website and access your account from there to check the request is legitimate.
#5. Pay close attention to emails
If someone in your contacts has been hacked, you may get an email from them with an unusual request involving your personal details. The sender address may well be theirs, but that doesn’t guarantee they typed the email. If something doesn’t feel right, give the sender a call to check the legitimacy of the email and perhaps even alert them to a breach.
#6. Get help from cyber security specialists
Your IT provider can help protect you from spear-phishing attacks too, especially if they specialise in cyber security. They can implement anti-phishing tools so fewer malicious emails make it to your mailbox, and help you run spear-phishing drills to increase your staff awareness.
At Jupiter IT, we’re passionate about cyber security.
We’d all like to think we’d easily spot a phishing attack attempt but hackers are good at what they do. So good that as many as 54% of businesses have fallen victim to a phishing or other social engineering cyber attack during the last year.
Anyone in your company with an email address should be trained in cyber security awareness in order to avoid this type of attack. That’s why we provide free, content-rich, cyber security staff training for all our clients.
We hold the prestigious Cyber Essentials Plus certification and, as experts in this standard, can help you become certified too. To find out more, drop us a line – we’re waiting to share our expertise with you.
In the meantime, here’s why training your staff in cyber security awareness is so important.