If you have been paying attention to the national news recently, you have no doubt heard about the White House being the subject of what we in the IT industry call a spear-phishing attack. Don’t know what spear phishing is? Concerned it could happen to you? It can, and it’s common. Read on.

If you are a business owner – any employee who clicks on a fraudulent link in a spam email can put your entire business network at risk. Make sure they understand the following signs of a phishing or spear-phishing attack.

Phishing is the act where hackers attempt to acquire sensitive information such as usernames, passwords, credit card details, etc., while masquerading as a trustworthy entity in an electronic or telephone communication or even in person. Spear phishing is a little different in that the hackers target a specific group of people who all have something in common, such as working at the same company, attending a certain college or banking at a certain institution. In addition, the emails often contain some inside information that makes the recipient think the email is legitimate. This information is often obtained by hacking into a company’s computer network, or by simply combing an organization’s website, blog or social networking site.

The recipient, thinking the email is legit, clicks on the link in the email and is usually taken to a website where they are asked to provide confidential information such as passwords, account numbers, PIN numbers and much more. Once this personal information is provided, the criminals have everything they need. Spear phishing can also trick the recipient into downloading malware (software that collects information from your computer on an ongoing basis).

How can businesses protect themselves? Employee education gives one of the greatest and most lasting returns on security spending. For example:
- You’ve heard it before, but if you remember nothing else from this article, remember that banks and other agencies will NEVER request personal information via email. And, if you think they are, call them – but not at the number provided in the email.
- Use a filter provided by your internet search engine and maintain up-to-date virus protection software on your computer.
- Do not follow links to secure websites from an email. Always type the web address into your browser.
- Read emails carefully – most of the time scam emails will have some dead giveaways such as misspelled words, improper grammar, and weird logos.
In addition to educating employees, businesses should not neglect the basics. Computers need to have up-to-date anti-virus/anti-malware software and current operating systems and patches.