Most of us have a virtual personal assistant that lives in our pockets, internet connected devices in our homes to make our lives easier, and we’re having lengthy customer service conversations with chat bots. Technology has gotten more sophisticated in every way (aside from that printer that never seems to work). In this climate of innovation, hackers have learned a few lessons too. Spear phishing attacks have become so complex that they have the power to trick even the most savvy user. With all the emails you will be getting this Black Friday and Cyber Monday, is your business ready?
What is Spear Phishing?
A study released by the Better Business Bureau in October 2017 revealed that 90 percent of cyberattacks on businesses come through phishing emails. All phishing attacks rely on trust. Hackers design fraudulent emails that create a sense of urgency, inciting panic and causing people to give up sensitive information before thinking of possible risks. These messages are disguised to look like critical security alerts or important work-related information. Or as the holiday shopping season kicks into full swing, emails from stores you like to frequesnt. There are many giveaways that help employees recognize these attacks, from too many typos to generic greetings like, “Dear Customer.” In a spear phishing attack, hackers target specific users, tailoring their messages with personal information to make their requests seem legitimate. Recently, they’ve taken these tactics to the next level.
Three Spear Phishing Trends
Playing the long game
Hackers can be very patient. They may obtain one employee’s login information, then monitor their emails to learn about your organization. They will determine who the decision makers are at your business and learn what types of attachments employees tend to send and receive so they can mimic them. By gaining access to one employee’s email account, the hackers gain enough information to make their next move. They may even use the compromised email address to contact others in your workforce, which brings us to the second trend on the list.
Hijacking email threads
Would you be suspicious of an email coming from one of your employees? Hackers may take over an employee’s email account, then look for an existing company email chain. Posing as the trusted employee, the hacker then tries to convince the others in the conversation to download an attachment, installing malware that infects their devices and network.
Bypassing your spam filters
Don’t depend on your email filters to catch spear phishing attempts. Hackers have figured out how to bypass those filters and end up in your main inbox. They have done this by impersonating trusted sources like Google Drive links and Microsoft SharePoint URLs that trick systems like Gmail and Office365 into thinking the links are coming from their own products. In this environment, how can you know the difference between a trusted communication and a spear phishing attack? Partner with an MSP like Cooperative Systems. We can help you identify suspicious communications. If you’re ever unsure, it’s always a good idea to check in with your trusted IT experts.
Spear Phishing in the News
We know you probably have a whole host of reference points on this topic by now. That said, here’s one very familiar one that gives you a clear example of the sorts of attacks we’re talking about here:
In February 2018, hackers targeted Netflix subscribers, sending emails saying the user’s accounts had been deactivated because the billing information could not be validated. The emails greeted the recipient by name, and the message instructed them to click on a link to reactivate the account. The link took them to a fake Netflix login page. After “logging in,” they would be prompted to provide credit card details, an updated address, and their mother’s maiden name. Because people often recycle passwords, or use very similar passwords with slight variations, the hackers could use those login credentials to gain access to the user’s other accounts.
Imagine if this happened to one of your employees using their work email for their Netflix account! Scary, especially knowing that some employees use work accounts for personal things.
We Can Help You Protect Your Business
Spear phishing attacks are frequent and they are getting harder to recognize. You don’t have to face these attacks alone.
We are here to help you protect your business.