4 Ways to Prevent Email Spear Phishing Attacks

Remote workers have seen a significant increase in a particular kind of e-mail threat recently: spear phishing. A 2021 report from Business Wire found that the domestic market for spear phishing is $1 billion and is expected to reach $1.9 billion by 2027. But who are the targets? Cybercriminals are doubling down on hybrid, on-premises, enterprise, critical infrastructure, healthcare, retail, government, and defense organizations. Learn more about protecting your organization.

How to Protect Your Confidential Business Data Against Spear Phishing:

What Is Spear Phishing?

Spear phishing is a scam that uses publicly available information to steal money or personal information from the target. Scammers typically source information directly from corporate websites, LinkedIn, and Facebook. Unlike typical phishing schemes that send out ‘bait’ in the millions (via mass email or text), spear phishing is hyper-targeted. Recipients are often business leaders, such as the C-suite, or other individuals who process large amounts of data, such as HR or finance professionals. That said, anyone can be targeted, as scammers often cast a wide net to maximize profit.

Why Is Spear Phishing Dangerous?

Cybercriminals will often imitate trusted sources when spear phishing. They may pretend to be a client or partner organization, asking for personal information, IP, or a financial transaction. These attacks often convey a sense of urgency, with variations including a CEO in trouble, a deal that hangs in the balance, demands from the IRS, or opening 401(k) accounts for employees. There are myriad other messages, designed to prompt a reactive rather than measured employee response.

 

Why Didn't My Spam Filter Catch This?

Because the scam is sent to one or, at most, a handful of individuals, using a real but cleverly disguised e-mail domain. Spam filters look for e-mail from bogus domains and e-mail that is being blasted to many recipients, and a spear-phishing message fits neither pattern. Take these precautions to reduce your risk of a spear-phishing attack:

  1. Be wary of urgent e-mails requesting money, wire transfers, passwords, or any personal information.

  2. Look closely at the sender's address, and read the message carefully for incorrect spelling or unusual vocabulary.

  3. Follow up with the sender by phone or IM. Do NOT respond to the e-mail or forward it to anyone unless you can verify it is legitimate.

  4. Educate all employees about this risk. Ensure they know what these scams entail, the precautionary measures to take, and the protocols to follow if they, unfortunately, fall victim.
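
The first two precautions can also be run as an automated triage check that flags a message for phone or IM verification. The sketch below is an added example, not part of the original post; the trusted-domain list, keyword patterns, and sample messages are constructed assumptions, and it handles single-part plain-text mail only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your organization really corresponds with (constructed).
TRUSTED_DOMAINS = {"example.com", "partner-bank.example"}
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
SENSITIVE = re.compile(r"\b(wire transfer|password|payment|gift cards?|w-2|bank account)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_message):
    """Return the reasons a message should be verified out of band (empty list = none)."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reasons = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= 2:  # look-alike, not identical
                reasons.append(f"sender domain {domain!r} resembles trusted {trusted!r}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        reasons.append("Reply-To domain differs from From domain")
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    if URGENCY.search(text):
        reasons.append("urgent language")
    if SENSITIVE.search(text):
        reasons.append("asks for money, credentials, or personal data")
    return reasons

# Constructed sample messages, not real mail.
SAMPLE = """From: "Pat CEO" <pat@examp1e.com>
Reply-To: pat.ceo@mail.example.net
Subject: Urgent wire transfer

I need this payment sent today. Do not call, I am in a meeting.
"""
BENIGN = "From: alice@example.com\nSubject: Lunch\n\nSee you at noon.\n"

if __name__ == "__main__":
    print(triage(SAMPLE), triage(BENIGN))
```

Any non-empty result means the message should be confirmed with the sender by phone or IM before anyone acts on it.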


If your business needs assistance implementing any of the above, we can help. Reach out to us for a free consultation and give your email the enterprise protection it deserves.


Editor's Note: This blog was originally published in 2016. It has been updated for accuracy.