The email may look legitimate. A simple request for an interview from a trusted media outlet you recognize. Or even an email that appears to be from a party or business you think you know. Don’t take the bait! A spear phishing attack – an email attempt by a hacker to lure targeted individuals to reveal confidential information – is just one way hackers can gain your information.
This latest attempt in spear phishing attacks, according to Google’s Threat Analysis Group (TAG), includes impersonating media outlets and luring you in with a fake interview. In fact, some 91% of hacking attempts begin with a spear phishing email often from a source impersonating people or organizations you know and trust.
Phishing Emails Will Try to Lure You to Click, Download, or Share Sensitive Information
In the email, the cybercriminals may try to ask to interview you and prompt you to click a link with the interview questions or a request to quickly update passwords. If you click this link, you’ll be redirected to a malicious website with a login prompt. Those login credentials you enter will be sent directly to the cybercriminals, and they’ll be able to access your account for their own malicious purposes.
It’s particularly worrisome for small-to-medium size businesses that may not have updated firewalls or outdated antivirus software or lack encryption tools and two factor authentication. A single click on an infected link by a small business owner with an unencrypted laptop could put client information at risk.
Tips For Avoiding a Spear Phishing Attack:
Over time, spear phishing attacks have become increasingly sophisticated. It’s essential to know the dangers and the warning signs. Follow the guidelines for spear phishing prevention below to protect yourself and your organization from falling victim to cyber threats.
Think before you click: Remember that spear phishing attacks can impersonate anyone, such as a media outlet, a colleague, client or a close friend. Never click a link in an email that you aren’t expecting, especially ones that take you outside of your organization or have unusually long URLs.
Verify the identity: Is the sender actually who they say they are? If the sender claims to be someone you know, but the email looks suspicious, make sure to reach out to them in person or by phone to verify. Also, take a close look at their sending domain or email address. A corporate entity will likely not use a public gmail account.
Pay Attention to Red Flags: Often red flags appear without even opening an email. For example, watch out for emails sent outside of business hours or emails that contain spelling or grammatical errors. If there’s a strange sense of urgency with prompts such as “reset your password now” or odd subject lines from including “can you do me a quick favor” or greetings such as “Dear Sir or Madam” – red flag the email and report it.
Be Careful with Downloads: Emails with attachments are common but a good rule of thumb is to avoid downloading attachments from people you’ve never worked with before. Malware attempts often start with attachments and file extensions such as .zip and .exe, among others.
Don’t Overshare: Scammers often get information about you from information you post or information that is shared about you online and is accessible to them. Be selective about what information you make available to make it harder for hackers to create a convincing message.
We all want to believe we are more skilled at spotting scammers, but the cunning tactics these culprits use are becoming more convincing and, unfortunately, are often under the guise of legitimate sources we trust.
Protect Against Spear Phishing with a Trusted Cybersecurity Team
A managed services provider like NerdsToGo can help small business owners prevent the worst, and lessen the impact of a cyberattack by using our proven cybersecurity solutions that continually watch for threats. A trusted MSP can also help improve security overall and help prevent future phishing or malware attempts.
Take the time to test and put in place necessary security protocols with NerdsToGo.