
Guarding Your Business Against Spear-Phishing


As the number of cyberattacks affecting American companies continues to grow, businesses are taking more steps to prevent phishing, a well-known online fraud that’s often the gateway for data theft and other crimes. While phishing has caused significant losses and disruptions for many businesses, its more advanced variation, spear-phishing, can pose an even greater cybersecurity threat.


What Is Spear-Phishing?

Spear-phishing uses the same social-engineering and spoofing techniques as regular phishing, but with far more precision. A traditional phishing scam often starts with a mass email purporting to be from Google or another familiar business, and when your employees notice how impersonal and out-of-the-blue the message is, they’ll likely flag it as spam. A spear-phishing attack, by contrast, is harder to spot and potentially more dangerous. That’s because:

  • The fraudulent message appears to come from a person or business the target knows. It often references familiar names, business details, and other information to seem authentic and trick the recipient into clicking a malicious link or supplying confidential information.
  • Unlike widespread phishing attacks, spear-phishing often targets workers who have administrative access to company systems.
  • Because it’s so effective, cybercriminals often use it to commit business email compromise scams, data theft, and other costly crimes.


How an Attack Happens

Here’s one scenario: The attacker begins by researching a business online and choosing an employee to target. The spear-phisher then emails the target, posing as an employee from the company’s IT vendor or another familiar entity. Using a plausible pretext, the criminal asks the employee to provide sensitive information, click a link, or download a file. The message may have the same language and same company logo you’d find on an actual email from the business. Once this worker’s email or computer is compromised, the attacker may go after other company email accounts or infect the whole network with malware.  


Defending Your Business

For cybercriminals, it’s often easier to deceive an employee with a spear-phishing attack than it is to hack through a company’s network defenses. For this reason, your business should consider supplementing its network security technology with policies and training to help prevent this fraud. Here’s what you can do:

  • Educate all employees about spear-phishing and remind staff to first verify unexpected queries and links.
  • Increase cybersecurity training for employees with access to sensitive business or customer information, as well as those with administrative access to your email system.
  • Have an IT specialist set up multifactor authentication for especially sensitive systems, such as your accounting system.
  • Hire a security consultant to assess your preparedness for this type of attack and provide further recommendations.


The information contained herein is for general informational purposes only and does not constitute tax, legal, or business advice.