As the number of cyberattacks affecting American companies continues to grow, businesses are taking more steps to prevent phishing, a well-known online fraud that’s often the gateway for data theft and other crimes. While phishing has caused significant losses and disruptions for many businesses, its more advanced variation, spear-phishing, can pose an even greater cybersecurity threat.
What Is Spear-phishing?
Spear-phishing uses the same social-engineering and spoofing techniques as regular phishing, but with far more precision. A traditional phishing scam often starts with a mass email purporting to be from Google or another familiar business. When your employees notice how impersonal and out-of-the-blue the message is, they’ll likely flag it as spam. A spear-phishing attack, by contrast, is harder to spot and potentially more dangerous. That’s because:
How an Attack Happens
Here’s one scenario: The attacker begins by researching a business online and choosing an employee to target. The spear-phisher then emails the target, posing as an employee from the company’s IT vendor or another familiar entity. Using a plausible pretext, the criminal asks the employee to provide sensitive information, click a link, or download a file. The message may have the same language and same company logo you’d find on an actual email from the business. Once this worker’s email or computer is compromised, the attacker may go after other company email accounts or infect the whole network with malware.
Defending Your Business
For cybercriminals, it’s often easier to deceive an employee with a spear-phishing attack than it is to hack through a company’s network defenses. For this reason, your business should consider supplementing its network security technology with policies and training to help prevent this fraud. Here’s what you can do: