Have you heard of spear-phishing? If not, you might one day feel the jagged edge of the spear come piercing through the scaled skin of your business. So what exactly is it and how can you protect yourself and your business?
Spear-phishing can be described as this:
Something has gone wrong, and a hacker starts using your deleted email folder as their own. They’ll send out emails to your friends and co-workers and it’ll look like it’s coming directly from you. This leaves your entire company vulnerable to Malware attacks. Security breaches like this prey on the trust between coworkers within an office.
Imagine this spear-phishing scenario:
You’ve worked hard to gain your clientele, and Maria knows that. She’s been here since Day 1, starting out as an Assistant and now sitting in an Account Manager position. You used to talk more often, but the stresses of family and business have led to less of that chit-chat.
However, she’s still a good friend and someone in the office you trust.
She also thinks the same of you, and so when she receives an email from you asking her to reset her password to log into the work’s intranet, she complies, without hesitation.
Only it wasn’t you emailing her. It was some hacker, sitting in front of a bright computer in his dark basement. And now, with access into the business’s system through Maria’s account, he can find anything he wants about your customers.
Now everything you have is exposed.
In the above scenario, the hackers gained access to your deleted messages inbox and spammed your coworkers with a malevolent link to gain access to company files. However, even if your deleted email folder hasn’t been directly hacked, you’re still at risk for a spear-phishing attack.
Consider overhearing the following water cooler conversation:
Bill: “You get that email from Mary this morning asking you to update your passwords?”
Stacy: “Which Mary?”
Bill: “The one from HR.”
Stacy: “Oh. I did. Don’t know why she needs me to change the password, though. I just updated it during the benefits enrollment thing last month.”
Bill: “Yeah. I got the email too, and I also recently updated my passwords. Huh…weird.”
Those aware of spear-phishing scams will know that it’s a strong possibility Mary from HR isn’t sending these emails. For those coworkers who respond to a Malware attack like this, any personal information sent back will be forwarded to Mary’s Deleted Emails inbox, where the hacker is waiting to steal that information.
So How Do You Keep Your Company Safe?
Keeping your company safe requires more than just ensuring your email inboxes are secure. All staff must also be properly trained on spear-phishing attacks and know when an incoming email looks suspicious, even if it is sent by a coworker.
In addition to network security measures like anti-virus protection, you can prevent spear-phishing attacks by running regular security reports to detect suspicious activity and by ensuring your operating system is kept current.
If you suspect your company is vulnerable to spear-phishing and other Malware attacks, call CPT at 954-963-2775 and let us step in. We stop the security breaches before they can ever even get to your business’s doorstep.