Spear Phishing Tries to Get You to Disclose Your Confidential Information
In simple terms, spear phishing cyberthreat means receiving an email that looks like it came from someone you know, but actually isn’t. It is a threat for anyone, anywhere, and in any industry. They can be the seriously obvious to well-crafted emails with research behind it utilizing social engineering – or finding out information about you. A well-crafted spear phishing attempt may appear to be your boss asking you to wire money, from your mom that still sends forwarded emails from her AOL account to click a link to a funny video about cats, or I’ve even seen some that specify kids names and links looking as if they are going to their school. Yikes!
Why is the Spear Phishing Cyberthreat getting worse?
- It isn’t that hard. It is a high probability at this point in history that they will spear a fish – you. The intended victim likely isn’t paying attention or doesn’t have the skills to see that it is fraudulent.
- Your social media is set to public. Many people without realizing it are showing the world all about their life. Using many available tools, you can run searches and reports on people. e.g. folks with jobs listed as in the financial sector. It is my opinion from what I have seen anecdotally is that CPAs, controllers, finance managers, etc., are currently a primary target followed closely by baby boomers close to or already retired.
- Most people have their account on their computer set to exist as a local administrator – so clicking a link allows the hacker to install whatever they choose. If you just set your main daily user profile to standard, it gets rid of 90% of possible virus intrusion attempts – seriously.
- Local or Domain Administrator accounts have complete control over a computer. Users with this type of account can change settings globally, install programs, get through the User Account Control (UAC) when elevation to perform a task is required, and everything else.
- Standard User accounts have more limited control. Users with this type of account can run applications, but they can’t install new programs. Users can change system settings, but only settings that won’t affect other accounts. If a task requires elevations an username and password for an administrator will be needed to pass through the UAC prompt.
How do you protect yourself from spear phishing?
I covered this in a different spear phishing email blog post a few months back, but essentially the best defense is you. Be weary of clicking anything and if it smells fishy – its phishy.
How does Network Medics protect our customers from the spear phishing cyberthreat?
As with all our network security, it must be a layered approach from the top down. On the inside, as stated above, you are set to a standard user on your computer. At the front door (so to speak), your network firewall is monitoring the flow of internet traffic at all times going in and out of your network. In between, there is essentially a customized layered network security technology “sandwich” that has been highly successful for the protection of Network Medics’ clients since 2008.
In summary, keep your eyes open on your computer as if you are always in a dark alley. Reach out to us if you have any questions. If you get something that looks phishy, its better to take the time up front and ask – then spend days, weeks, or months recovering from the spear phishing cyber attack.
Partner of Network Medics
Minnesota Business IT Consultant