September 27, 2022
Spear-phishing is an extremely dangerous, targeted form of phishing. It differs from ordinary phishing in that a seemingly trusted source targets a specific person to compel them to reveal confidential information.
Spear-phishing attacks are mostly delivered by email, and the scary thing is that they look exactly like regular email. Because the attack is targeted, these emails will probably contain specific details about you gathered through research, such as your name, title, hometown, or your bank, which lends the email supposed credibility. This works to the attackers’ benefit because it makes the email seem real, so real that consumers open 70% of attempted spear-phishing emails. Fifty percent of consumers also open the links within the spear-phishing emails.
If you don’t recognize an email as a spear-phishing attack, you might not realize you’ve been compromised until it's too late. With a large number of people falling for these emails, it's important to train your department to recognize, avoid, and report suspicious emails because, as public relations, communications, and marketing professionals, you could cause a data breach, resulting in important and confidential information being leaked.
We are a trusted public relations advisor to cybersecurity companies and organizations seeking helpful expert guidance on corporate communication before, during, and after a cyber attack. To prevent these data breaches from occurring, remember the following tips.
Four Tips for Preventing Spear-Phishing Attacks:
- Know the signs of spear-phishing.
To prevent a spear-phishing attack, you need to double-check some things before taking action. First, notice whether the email wants you to download a file or click on a link. If so, make sure to think before you click the link. Verify that an email is legitimate by double-checking the email address and making sure everything is spelled correctly and matches the name of the sender. If the address seems even a little off, such as ending in .co instead of .net, do not click it! Look at how the sender addresses you, too. If the sender refers to you as a customer, sir, or anything strange, be wary of the email’s content. Lastly, what is the tone of the email? Is it trying to make you do something urgently that you typically wouldn’t do, or does it just feel off? If so, you should investigate it further before clicking on anything.
- Beware that all emails, and even phone calls, could potentially be a form of spear-phishing.
Even if an email doesn’t have any of the red flags mentioned above, it could still be an attempt at spear-phishing. A spear-phishing email can still address you by name, know specific details about you, and have a professional tone to it. Not only that, but you could be spear-phished over a phone call, with a seemingly trusted individual trying to get you to give them information or visit malicious websites. Because it's so hard to spot these attempts at spear-phishing, always protect your password. Never reveal your password over the phone or email, and never enter it after clicking on a link from an email.
- When in doubt, call the sender.
If you think the files you’re prompted to download or the links in an email are legit (or you’re unsure), you can always call the sender to verify. You can call the actual company using the contact details on their official website to make sure the message really came from them and is something they need from you. If you're being asked for bank information over the phone, you can always call the bank’s main customer service line for verification. If you aren’t sure, you can always call to double-check that you aren’t being spear-phished.
- Make sure to lock down all personal information.
Lastly, you can help prevent a spear-phishing attack by limiting the amount of personal information you put online. The less information hackers can find about you, the less likely they’ll be able to target you in an email or phone call. You can limit this information by making your social media accounts private instead of public and by limiting the life events you post about. You can also use multi-factor authentication so hackers need more than just your password to hack your account.
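The checks in the first tip can also be run automatically over a raw message. The following Python sketch is an added example, not part of the original article; the allow-listed domain, the word lists, the 0.8 similarity threshold and the two sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions: the allow-list and word lists below are illustrative only.
KNOWN_DOMAINS = {"placeholder-bank.net"}  # domains you really deal with
GREETING = re.compile(r"^\s*(dear|hello|hi)\s+(customer|sir|madam|user)\b", re.I | re.M)
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|suspended)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)

def squash(text):
    # Lower-case and keep only letters and digits, for loose name matching.
    return re.sub(r"[^a-z0-9]", "", text.lower())

def spear_phish_signs(raw):
    """Return the set of tip-one warning signs found in one raw email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body, attachments = "", 0
    for part in msg.walk():
        if part.get_filename():
            attachments += 1
        elif part.get_content_type() == "text/plain":
            charset = part.get_content_charset() or "utf-8"
            body += part.get_payload(decode=True).decode(charset, "replace")
    signs = set()
    if attachments or URL.search(body):
        signs.add("asks_to_click_or_download")
    if domain not in KNOWN_DOMAINS:
        for known in KNOWN_DOMAINS:
            # Near-identical spelling, e.g. ".co" where ".net" is expected.
            if SequenceMatcher(None, domain, known).ratio() >= 0.8:
                signs.add("lookalike_domain")
            # Display name claims the brand, but the address is not theirs.
            if squash(known.split(".")[0]) in squash(display):
                signs.add("name_address_mismatch")
    if GREETING.search(body):
        signs.add("generic_greeting")
    if URGENCY.search(body):
        signs.add("urgent_tone")
    return signs

# Constructed sample messages, not real mail.
PHISH = ("From: Placeholder Bank Support <alerts@placeholder-bank.co>\n\n"
         "Dear customer,\nVerify your password immediately: http://placeholder-bank.co/verify\n")
LEGIT = ("From: Placeholder Bank <statements@placeholder-bank.net>\n\n"
         "Hello Pat,\nYour monthly statement is ready in the app.\n")
```

An empty result only means none of these signs were found; as the second tip explains, a well-researched message can pass every one of them.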
Spear-phishing is very dangerous and happens frequently. So, to protect your information and your clients, make sure to follow these tips to prevent a spear-phishing attack.
Photo by Torsten Dettlaff