How Does Spear-Phishing Work?

Hackers and criminals can target your computers in many ways, but good IT services in Sydney can help protect you against the most dangerous of these: spear-phishing.

Phishing emails try to trick you into handing over sensitive information, such as online banking details. Attackers send you emails that claim to be from widely used services, such as banks or popular websites. They send these emails en masse, hoping to snare a small number of victims. The emails usually ask you to “confirm” your details by clicking on a link and entering your login information. However, while the site you’re taken to looks legitimate, it’s really owned by the attackers. Unwittingly, you hand over your details to the criminals. Clicking the link may also download malware onto your computer, giving the attackers future access to your computer.

In spear-phishing, attackers target individuals or small groups who have something in common. The targets may all work for the same company, shop at the same online store, or use the same bank. Because their target is tightly focussed, the attacker is able to tailor the phishing email to the group in question. Usually, they pretend to be someone in authority from your company or an employee at the shop or bank in question. It’s always someone who could credibly need to ask you for information. Spear-phishing emails tend to greet you by name and may reference shared acquaintances or recent transactions. This is designed to trick you into letting your guard down.

How Spear-Phishing Can Harm Your Business

If you fall for it, attackers can:

  • Steal your company secrets, such as research or corporate strategy. They may then try to sell them back to you or to your competitors.
  • Trick a senior employee into handing over financial login data. Or they may trick an employee into downloading malware that infects company computers and looks for financial information.
  • Gain access to your account with a supplier and make fraudulent purchases.
  • Infect your computers with ransomware.

How to Protect Your Business

Your first impulse might be to search for services that include cyber security in Sydney, but that may be a waste of time. Using a good IT provider already gives you your first line of defence. A reputable IT services provider in Sydney automatically scans emails that pass through their service, filtering out potential attacks.

Following advice from the FBI, your next line of defence should be employee education. The FBI advises everyone to:

  • Be aware of potential attacks, and that banks and companies rarely request sensitive information by email.
  • Use a phishing filter (taken care of by your IT service provider).
  • Never click on email links to secure websites (ones that start with https). Type the address in manually instead.

Also, you should remind employees that if they’re in doubt, they should contact the person or company directly, but that they shouldn’t use the email address or phone number given in the email.


Choosing good IT services in Sydney is a great first step towards protecting your company from spear-phishing. You also need to educate your employees though, as technology alone can’t solve the problem. If you need secure, managed IT services, contact us at CustomTec today.

