Spear-phishing. What, Why and How to Prevent it.
What is Spear-phishing?
Email phishing is when you receive an email from someone with a forged sender address, as if they were someone else; the “MAIL FROM” will represent the details of the person the sender is pretending to be, rather than who they actually are.
So why would anyone want to phish an email address?
Phishers tend to be criminal in intent. They might be sending links to get people to download malware, asking for personal or bank details, or sending out instructions that appear to come from a source you would normally trust, in the hope that you follow them. Inevitably, this leads to you sharing information or performing tasks you would not normally do, leaving you open to theft of data or money.
‘In a recent example of spear-phishing, a self-described "email prankster" in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official's private email address unsolicited.’ You can read the full story here.
How do they get your address in the first place? Why choose you?
It is very easy to end up on a phishing list, and there are many ways it can happen. You may have unwittingly clicked on a malware email at some time, leaving you open to data hacking which may allow the phisher access to your email going forwards. You could have been part of a large group cc’d into an email where one of the other email addresses had a scraper in it (software that gathers all the email addresses it can find and adds them to a list). This, in turn, has a knock-on effect, and phishing emails may be sent out from you to all the people in your address book, and so on. Phishing is very rarely a personal attack, is generally anonymous and can be detected at either personal or business accounts.
Why is it that sometimes you receive more phishing emails than usual?
Much like viruses, e-mail phishing and general phishing scams are a war of attrition between the phishers and the mail protection companies, with each trying to better the other. At times, the reason you seem to be receiving more phishing e-mails than usual is exactly what it appears to be: the phishers have found a way round mail security and have focused on sending more e-mails and, in turn, the email protection companies update, respond and close the security loophole. Other times it can simply be that a contact has had their e-mail account breached and your e-mail address has been identified from their address book; as you are likely to be in the address books of others also identified this way, you may find an increase in the number of e-mails received. The thing to remember is that these types of attacks are always happening; you just don’t see them because your protection is working, or sometimes because you have simply been lucky enough not to have your e-mail address appear on a compromised list.
Can phishing be stopped? How do you protect yourself?
You can help protect yourself from phishing and other forms of malicious spam by following the simple steps below:
• Use an industry-leading and recognised anti-spam/e-mail protection solution. These solutions are continually updated and, whilst they do not provide a foolproof solution, they are the best first line of defence. WorkPlaceLive uses two of the top world brands for this – MessageLabs and Barracuda.
• Turn on/up your spam filters on your e-mail client. This can help to ensure that the phishing email lands in your junk rather than inbox (however this might also block wanted emails).
• Don’t click on unexpected links and advise your staff about the possibility of phishing. Forewarned is forearmed!
• Don’t download unfamiliar attachments. If you’re unsure, contact the person you believe the email is from (but don’t just click reply! Call them or send them a new email).
• Check email addresses against domain names to ensure they match – if not, approach with caution.
• Above all, be vigilant – the most complex protection platform available to you is your brain. It can spot subtleties that can be missed by technology, but only if it is switched on to the dangers.
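The address-against-domain check in the list above can be automated for a saved message. The Python below is an added example, not part of the original article: the function names, the sample message and the domains in it are constructed for illustration, and it compares domains exactly, so a mismatch is a reason for caution rather than proof of forgery.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def check_sender(raw_message):
    """Return a list of warnings about sender/domain mismatches in one message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    if not from_dom:
        return ["From header has no usable address"]
    warnings = []
    # Return-Path records the SMTP envelope sender (MAIL FROM) at delivery time.
    rp_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    if rp_dom and rp_dom != from_dom:
        warnings.append(f"envelope sender {rp_dom} differs from From domain {from_dom}")
    # A Reply-To on another domain diverts answers away from the apparent sender.
    for _, reply_to in getaddresses(msg.get_all("Reply-To", [])):
        rt_dom = domain_of(reply_to)
        if rt_dom and rt_dom != from_dom:
            warnings.append(f"Reply-To domain {rt_dom} differs from From domain {from_dom}")
    # A display name that shows an address on a different domain than the real one.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+\.\w+", display):
        if domain_of(shown) != from_dom:
            warnings.append(f"display name shows {shown} but mail is from {from_addr}")
    return warnings

# Constructed sample message (reserved example domains, not real traffic).
SAMPLE = """\
Return-Path: <bounce@mailer.example.org>
From: "accounts@example.com" <billing@example.net>
Reply-To: payments@example.org
Subject: Invoice overdue

Please settle the attached invoice today.
"""

if __name__ == "__main__":
    for warning in check_sender(SAMPLE):
        print("WARNING:", warning)
```

Legitimate bulk-mail services often use a different envelope domain for bounce handling, so treat the first warning as a prompt to look closer and the display-name warning as the stronger signal.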
If you’re at all concerned your email may have been targeted by spear-phishing, contact our expert team today!