In the last few months, security researchers and analysts have been buzzing about the new wave of spear-phishing attacks, mainly targeting U.S. defence contractors, several universities and security firms. However, this should come as no surprise, since many of the security predictions for 2012 have placed spear-phishing in the spotlight as one of the internet security threats set to give companies and their employees a really hard time.
For those of you who aren’t familiar with the term, here’s a bit of information explaining this type of internet security threat, and what you can do to avoid it.
Spear-phishing – is that some kind of sport?
The sport of corporate online scam, yes. Unlike traditional phishing, spear-phishing is highly targeted at individuals working with certain companies. Spear-phishers usually send deceptive messages via e-mail, tweets, text messages or other means of communication, impersonating other people working with the company, or friends of the victims. In order for the messages to look authentic, cybercrooks use data of the person they’re posing as, which means that they steal personal information beforehand or just take it from social sites – either way, we’re talking about identity theft.
Next step: they send the authentic-looking message to the victim – yes, the other victim – in an attempt to trick them into downloading a malware-infected file. Once the malware is installed on the victim’s work computer, the spear-phisher is granted access to a wealth of data: either personal data of the employee or company data the respective employee has access to.
Usually, spear-phishers are not just random hackers trying to “phish” some user credentials, but real professionals seeking unauthorized access to company data and trade secrets. In such cases, spear-phishing can easily pass as a tool of cyber-espionage.
Don’t just keep your head above the surface. Avoid the wave altogether.
The recent spear-phishing attacks show just how competitive the corporate world has become and how regular web users can, themselves, be tools in organized cybercrime.
How can you avoid a spear-phishing attack? Here are some tips:
- Get more information about spear-phishing attacks and always stay informed. You can start by reading BullGuard’s dedicated article, to learn more about how to recognize such a threat.
- Don’t hand over login credentials related to your work to any of your friends, should you receive an e-mail from them asking you to do so. Keep a healthy dose of suspicion, especially if it sounds urgent. If a friend or a colleague asks you for sensitive information in a message, it’s best you contact them directly and check if they are the real sender.
- Don’t hand over company or personal credentials in response to a message that claims to come from your bank or another partner institution. Keep in mind that banks or legitimate service providers don’t ask you for confidential data via e-mail.
- Separate your work from your personal life – don’t use the same passwords and usernames for every account you create. Keep your profiles private, not public for everyone to see, and limit as much as possible the personal information posted on social networks.
- Get effective protection for your PC, both at home and at work, to protect you from phishing, malware and all sorts of other threats.
Have you ever fallen victim to spear-phishing attacks? Share your experience with us.