Phishing is an attack designed to trick end-users into giving away confidential information, typically by sending an email posing as a legitimate organization (like a financial institution) and linking to a website disguised as one associated with that institution. Spear phishing is a more sophisticated version of phishing that takes these attacks to the next level. Instead of sending mass communications to a large group of people, spear phishing specifically targets individuals using personal information such as geographic location, recent purchases, or a list of colleagues to make their requests seem more believable.
Spear phishing is becoming increasingly common because the attacks are harder to identify than traditional phishing attacks. The emails and phone calls are more personalized, so more people fall into the trap.
What do these attacks look like? As an example, you may be a PC user who gets a phone call from someone claiming to be from Microsoft who needs to resolve an issue with the latest Windows update. In another example, one of your finance team members receives an email from “you” asking them to pay the attached invoice right away.
Your social media profiles are an asset to spear phishing attackers. The more personal information you make publicly available, the more these attackers can personalize their communications to you and pose as a reputable contact. LinkedIn profiles and the company’s ‘About Us’ website also show who works at the company, so attackers can start to connect the dots between employees and their managers.
Defending against attacks like this takes a multi-layered approach. Make sure you have the following in place:
Additional tactics that will help prevent a successful attack:
Spear phishing attacks continue to become more sophisticated, and mistakes can happen. If you are caught in an attack, what can you do to mitigate the damage? The first step is to contact a highly certified Managed IT Service and/or Managed IT Security Provider. At Parachute, we are your trusted technology resource. We will help figure out exactly what was stolen by the hackers and help to unwind the damage that was done.