Spear-phishing: It sounds like an aquatic sport, but it isn’t. Spear-phishing is when a cyber attack is targeted at a specific employee. Spear-phishers try to convince an individual employee to provide information or money. They can be very convincing because they do their homework, researching business and individual information to make their emails look completely legitimate. It’s critical that employees know about spear-phishing and avoid it to protect their jobs and avoid discipline.
Spear-phishing is one of the most notorious methods used by cyberattackers to obtain employee credentials or install malware on a company’s network. Spear-phishers usually target specific individuals with unsolicited emails. No employee is safe from their deceitful tactics.
Their modus operandi is to seek out an employee, disguise themselves as a legitimate sender, and request that the employee download a file attachment or click on a link. The link then takes the employee to a decoy document or a fake website. The employee usually has no idea that he or she has just opened a portal to business and customer information.
In 2014, over 80 million Anthem health insurance records were severely compromised using this method of cyberattack. Omaha’s Scoular Company also suffered financially when its controller sent $17.2 million to a bank in China after receiving spear-phishing emails disguised to look as though they came from a high-ranking employee within the company.
Unfortunately, a large percentage of employees are not able to identify a spear-phishing attack. It is important for employees to increase their awareness about spear-phishing and similar cyber scams because the repercussions of falling prey to a cyber attack are felt by employer and employee alike.
What Can You Do to Help Prevent Cyber Attacks?
- Ask questions. Avoid clicking on pop-up messages that request computer updates or warn about security issues unless you are sure they were initiated by your IT department. If you aren’t sure, ask.
- Preview links. Not all links are what they appear to be: Double-check links by hovering before clicking on them.
- Update carefully. Most companies request that you update your personal information directly on their website or via their intranet. If you receive an email requesting that you update your information using a link, be suspicious.
- Pay attention. Many spear-phisher emails appear to come from a legitimate company, using logos and signatures that are quite convincing. If you receive an email that sounds suspicious or originates from a company or individual you do not know, report it immediately to your IT department. Pay particular attention to websites and links that replace letters with numbers or are only one character off from a business partner or trusted source.
- Keep informed. There are several reliable websites that will educate you about the most recent cyber scams, such as one from the Federal Bureau of Investigation Internet Cyber Crime Complaint Center (IC3).
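The "Pay attention" tip above can also be automated by an IT or security team. The following is an added example, not part of the original article: it flags sender or link domains that swap digits for letters or sit one character away from a trusted name. The trusted list, the digit map and the sample domains are constructed assumptions, and the whole host name is compared.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation really deals with.
TRUSTED = {"example.com", "examplebank.com"}

# Digits commonly swapped in for look-alike letters (assumed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def domain_of(value: str) -> str:
    """Pull the host name out of a URL or an e-mail address."""
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1]

def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b

def check_domain(domain: str, trusted=TRUSTED):
    """Return (verdict, trusted domain being imitated or None)."""
    domain = domain.strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if domain.translate(LOOKALIKES) == good:
            return ("digit-substitution", good)
        if within_one_edit(domain, good):
            return ("one-character-off", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed samples: a link and a sender address.
    for sample in ("https://examp1e.com/login", "ceo@exampl.com", "hr@example.com"):
        print(sample, "->", check_domain(domain_of(sample)))
```

A "digit-substitution" or "one-character-off" verdict is a reason to quarantine the message or report it to IT; "unknown" only means the domain resembles nothing on the list.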
The masterminds behind these cyber attacks are usually smart, tech-savvy, and well-funded. They plan, scheme, and manipulate through the Internet. It’s very easy for employees to fall prey to their tactics; however, if employers and employees remain vigilant, the employer’s chance of a cyber attack can be significantly reduced. And that’s critical to your job security.