What is spear phishing and how can my company avoid it?

The average person receives 16 malicious emails per month.

A 2018 study of 500,000,000 emails found that one out of every 101 emails received was malicious. Are your employees properly educated about this? Or will they click a link that could cost the company millions?

Most of the time, the greatest risk to your company’s internet security is the people who work for it (including you). One click on a malicious email—even one that looks like it comes from a friend—could seriously damage your company. New employees are the most at risk of being duped. [1]

What is Spear Phishing? 

Spear phishing is an attack in which hackers trick targeted users into sharing confidential information. It can also involve tricking the recipient into installing malware on their computer or network.

Here is how it works: 

1. You receive an email with an attachment that appears to come from a contact or a known company (for example, your bank or eBay).
2. You click a link in an email or invoice, or a web link, not knowing it’s malicious.
3. The malicious file attachment compromises your business-critical data. Some of these attachments allow malware to be invisibly installed and instantly attach to your personal or company contacts. This maximizes their damage in seconds.

This method is very effective because spear phishing attacks usually look like legitimate files sent from a trustworthy source.

Spear phishing attacks are successful because most employees don’t know how to spot an attack.

Many business owners in Metro Detroit seem to shrug off the danger that spear phishing presents. They think that an attack like this only happens to big corporations, like the ones they see in news headlines.
That kind of thinking is what leads to pure panic when ransomware from a malicious email encrypts all of your business files and demands thousands of dollars to release them (and they usually don’t release them).

Spear phishing attacks wreck companies of all sizes, from mom and pop shops to the big boys that end up on the news.

How can you prevent spear phishing attacks? 

You can’t stop emails from pouring in. The average office worker receives over 90 emails a day. Email is the preferred method of attack. A recent study by Verizon of over 53,000 attacks showed that email was the delivery system for malware in 92.4% of the cases.

The key to preventing spear phishing disaster is training your employees to identify when they’re the target. Employees need to be trained to notice their vulnerabilities and keep up their guard.

How to protect and train your employees 

There are several steps that need to be taken in order to properly protect your company and employees—and train them to be vigilant. (Red Level happens to be one of the few companies in Metro Detroit with customized employee training programs designed to protect against attacks.)

Your employees should be tested with simulated spear phishing attacks. You have to know your vulnerabilities in order to get better at defending your firm. Testing should identify weaknesses within the company through simulated spear phishing emails, phone calls, and direct contacts.

One size does not fit all. Before creating a training program, the test results need to be thoroughly analyzed, and custom recommendations crafted, based on the specific needs of your firm.

This turns your employees into highly trained sentinels against spear phishing. Now that they know what to look for, your staff will avoid even subtle attempts at a spear phishing attack.

Need help with testing and training your employees? We do that.

Protect your company from spear phishing before it’s too late

Naturally, all of us would rather live in a world without worries of ransomware, spyware, data theft, and other threats. Unfortunately, complacency is no longer an option.
Proper training makes the difference between smooth operation and financial loss. We take the spear phishing threat seriously, and we think you should, too.

For more information about specialized security training and testing, contact Red Level today.

About the Author:

Red Level
Red Level is a managed IT services firm in Metro Detroit that helps clients accelerate growth, increase productivity, strengthen security, reduce costs and enable scalability.