Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Spear phishing - what to look out for

published on 2024-06-04 11:43:33 UTC by
Content:

Spear phishing attacks are specific phishing attacks that target individuals through malicious emails. Businesses are frequently targeted as they are used to working with large amounts of money and have multiple employees to target. 


As the name suggests, spear phishing is highly targeted around specific people or groups. Fraudsters will spend a lot of time and research creating very sophisticated emails or messages, pretending to be someone else to trick the reader. In comparison, a standard phishing message will be sent out to thousands of people in the hope that a small percentage of them will click on a link. 


A spear phishing message could look like a regular piece of communication from a client or a contact, but its contents closely imitate a genuine message, making it very hard to spot. 





Fraudsters can use social media to gather a lot of information about your business and employees. They can now also use AI to scan through lots of information and create compelling communications that appear to be completely legitimate. This is why it’s important to know what is publicly available information about your organisation and employees and carefully consider what you share publicly. For example, posting an innocent picture of your holiday on LinkedIn would show that you are out of the office and give the attacker valuable information that you are not at work. 


Only 18% of businesses had tested employees with phishing simulation exercises, found the latest Government Cyber Security Breaches Survey. Yet phishing is by far the most common form of cyber breach, with 84% of businesses stating they have identified breaches or attacks, related to phishing in the last year. 


Some examples of spear phishing attacks:


  • Fake invoices or requests for payment

  • Business email compromise or spoof emails from owner, directors or CEO of the business 

  • Linking to fake websites, with similar domain URLS or domains that are hidden through URL shorteners

  • Fraudster posing as a customer service operative from a well-known company 

  • Impersonating security alerts 

  • Spoofing business services, such as delivery companies with fraudulent links

  • Charitable requests 

  • Fake job offers through LinkedIn 

  • Fraudsters using social media to befriend people and then defraud them 


Not only is it important to ensure that your employees fully understand how to spot a phishing or a spear phishing attack, but it’s also really important to ensure you understand how to protect your business from being imitated by fraudsters. 


What to do if you receive a spear phishing attack and have clicked through on a link:


  • Contact your IT team (if you have one) 

  • Report it to Action Fraud in the first instance 

  • If you believe the device now has malware, disconnect your device from the internet

  • Check your banking to see if any unrecognised money has left the account. If you’re concerned about a specific transaction, call your bank immediately (making sure you look up the correct number).  

  • If you have clicked on a link to a spoofed website, then log into the genuine website and change your password to a very secure one. 

  • Ensure you have backups of all of your work documents and data and that they are kept up to date. 

  • Schedule in cyber security training for you and your employees to prevent future attacks


How you can protect your business against spear phishing


The NWCRC allows small organisations to review online information through our affordable Risk Exposure Assessment and Digital Footprint Assessment to help them understand the risks of publicly available information, alongside Security Awareness Training and Simulated Phishing Exercises to help build resilience in your organisation. 




Article: Spear phishing - what to look out for - published 6 months ago.

https://www.nwcrc.co.uk/post/spear-phishing-what-to-look-out-for   
Published: 2024 06 04 11:43:33
Received: 2024 06 18 09:46:29
Feed: North West Cyber Resilience Centre
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 4

Custom HTML Block

Click to Open Code Editor