Heard of Spear Phishing? Hackers Hope You Haven’t


Cyber crime is a lucrative business. According to a report by The Guardian, cyber attacks cost the U.S. economy roughly $100 billion each year. That’s right, $100 billion, with a “B.”

These attacks aren’t just on big-name brands like Target, JP Morgan Chase and Sony, either. Small businesses are just as vulnerable to this kind of threat. A reported 71 percent of cyber attacks occur at businesses with fewer than 100 employees, according to a Data Breach Investigations Study by Verizon. In fact, Nashville companies, including my own, have recently been targeted by a particularly sophisticated scheme called spear phishing.

Spear phishing is a highly targeted email spoofing fraud that elicits the unauthorized sharing of sensitive information, particularly from members of the C-suite. After extensive research, hackers phish executives for sensitive information, like trade secrets or financial data.

How spear phishing works

Unlike most phishing scams, where the thief communicates directly with the victim’s bank, in a spear phishing scam hackers trick their victims into doing the dirty work for them.

Hackers begin by sending company executives an email that appears to come from a familiar source, probing for information. The email offers a seemingly legitimate reason for clicking a link, and the executive is then directed to a webpage asking them to update personal information. Since the request appears to come from someone familiar, individuals are more likely to willingly give up sensitive information. With this knowledge, the thieves gain access to company data and accounts, where they can wreak havoc on the entire organization.

How to protect against spear phishing

Fortunately, there are a number of steps small businesses can take to ensure they don’t fall prey to this malicious attack.

Educate employees. More than half of security breaches can be attributed to human error, and it can be very difficult to track where an attack initiated. Thus, it’s important to strengthen your first line of defense.

Spear phishing emails can be difficult to recognize, so employees should be trained on how to spot malicious emails. Stay current on the latest tactics and keep employees educated on best practices.

Beef up your security methods. Experts advise businesses to require two pieces of identification to access email, a policy known as two-factor authentication. You can also enable Sender Policy Framework (SPF), an email-validation system designed to scan for and block variants of an organization’s domain name.

Don’t let your guard down. Always verify the legitimacy of any request for money or company data with a phone call. Hackers are also constantly on the prowl for any information about their next victim, so you may want to think twice before posting on social media about that cool new gadget you just picked up. The effectiveness of spear phishing relies on familiarity, and you’d be surprised what kind of information hackers can use against you.

This post also appeared in The Tennessean, where Concept Technology has a bi-weekly feature in the Business section.