5 Tips to Avoid Spear Phishing
An energy company in Ukraine called Burisma recently became the unfortunate victim of a cyberattack. The intruders gained illegal access to company data through phishing, or to be more accurate, spear phishing. As more and more cases of phishing scams become public, the general public has become more alert and cyber-aware. This is great; many low-effort attack attempts can be warded off through vigilance. However, the more targeted form of phishing, called spear phishing, can be harder to detect.
To become better acquainted with spear phishing and preventive measures, read on!
1.1 What is spear phishing?
While phishing emails are generalised and usually sent as email blasts to all potential victims, spear phishing takes a different route. Spear phishers go the extra mile. They read up about you and monitor your activity, interests, and behavioural tendencies. The intention is to tailor a bait that is directed at you as a person, to increase the likelihood of you engaging with them. Targeting may include too-good-to-be-true offers and announcements that might get you hooked. It may also involve emergency notices, such as a licence that is about to expire, to create a false panic. Whatever the case, with their ‘help’ you will get the solution to a problem that wasn’t real in the first place.
1.2 5 Preventive Tips
The question to ask yourself is, ‘Why am I so easy to figure out?’ How would they know enough about you to customize a bait for you? Are your social media security settings not up to par? Are your browsing habits being recorded sneakily? Did you maybe enable a cookie on a fraudulent website? These are just some of the things to consider. But beyond that, there are certain precautions you can take to avoid becoming a victim of spear phishing.
1.2.1 Don’t let your guard down due to familiarity
This is an important one, and it goes against our very natural tendency to trust someone who seems to know a lot about us. Resist this urge. The criminals have done a lot of research and they’re carefully choosing their words to give the impression of authenticity. Stay alert, and you might just dodge a bullet.
1.2.2 Never give in to the urgency
The sky is not going to fall. Any respectable, authentic organization will give you some time to provide the details they need. They will answer you if you raise suspicions as to why they’re requesting the data in the first place. The urgency behind a spear phishing mail is fake. Don’t panic, and think thrice before submitting sensitive data.
1.2.3 Cross-verify all credentials provided by them
Cybercriminals are as meticulous as they are ill-intentioned. They will put in enough work to make the ruse believable. A casual glance at their ‘website’ or a simple request for credentials might be convincing, but deeper scrutiny will tell you that it is all fake. Don’t believe their credentials without double-checking them.
1.2.4 Don’t follow their instructions
Sometimes, a spear phishing email will contain a Word file attachment that will require you to select ‘Enable Editing’. Otherwise, the email might ask you to disable some security settings in order to view the email properly. This triggers a macro or script that runs in the background and infects your system without your knowing. Never disable the security settings that were enforced for your safety. Let them do the work that they were designed to do.
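A mail-gateway style check for the attachment risk described above, as an added example that is not part of the original article: it parses a raw message and flags Office attachments that can carry macros by inspecting their contents, not only their file names. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".pptm")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def classify_attachment(filename, data):
    """Return a reason string if the attachment can carry macros, else None."""
    if data[:4] == b"PK\x03\x04":  # modern Office files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            return "malformed ZIP container"
        if any(m.endswith("vbaproject.bin") for m in members):
            return "contains a VBA project"
    if data.startswith(OLE_MAGIC):
        return "legacy OLE document, may carry macros"
    if (filename or "").lower().endswith(MACRO_EXTENSIONS):
        return "macro-enabled extension"
    return None

def macro_attachments(raw_message):
    """List (filename, reason) for every risky attachment in a raw email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reason = classify_attachment(part.get_filename(), data)
        if reason:
            findings.append((part.get_filename(), reason))
    return findings

def _zip_with(names):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder")
    return buf.getvalue()

def build_sample():
    """Constructed message: one macro document, one clean one, one legacy file."""
    msg = EmailMessage()
    msg["Subject"] = "Licence expiring today"
    msg.set_content("Please open the attachment and enable editing.")
    samples = {"invoice.docm": _zip_with(["word/document.xml", "word/vbaProject.bin"]),
               "notes.docx": _zip_with(["word/document.xml"]),
               "old_form.doc": OLE_MAGIC + b"constructed"}
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Legacy OLE files are flagged on format alone here; deciding whether one actually holds macros needs a dedicated OLE parser.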
1.2.5 Request others to go over the request
You’re in a different mindset; you’re caught up in the moment. The urgency is telling you to respond fast without giving much attention to detail. Another person with a fresh set of eyes can help you out here. He or she can spot simple mistakes in the wording or the request that should’ve tipped you off in the first place. No respected entity would make such silly mistakes. So, don’t hesitate to ask for another’s opinion.
Security is not a one-time thing. It’s an ongoing process. If you need a partner to support you in the process, consider Logix. With over 20 years of experience providing email security and cyber security services, we have refined our products and services to weed out potential threats at the entry level. Let us join hands and move towards better overall protection.