Beware of the spear phisher!

International Cyber Security Day is on 30th November, but just as a puppy is not just for Christmas, keeping safe online should be a quotidian event.

International Cyber Security Day has been “celebrated” (if that’s the right word!) every year since 1988 when hackers started to realise the value of data held on computers.  It’s a timely reminder to secure your systems and be on your guard about the threats posed by malware.

You must be sadly all too familiar with the emails sent by hackers aiming to trick you into clicking on a link or divulging your password, but did you know that not all fraudulent emails are created equal?

When I heard about spear phishing, it brought to mind Captain Ahab harpooning whales in Moby Dick – “Call me Ishmael”.  This is, in fact, the name given to a targeted socially-engineered attack.  Furthermore, there is a version called whaling where the victims are high-ranking individuals in a company (and therefore whales rather than fish).

This is how it works:

  • You receive a business enquiry by email which appears to be totally legitimate – there are no dodgy links or attachments.
  • You respond, providing information about your services.
  • It is only on this second reply that the dodgy link appears – click this at your peril! It could lead to a malware infection and your precious files could be encrypted and held to ransom.

How does a whaling attack differ?

As well as targeting a key member of staff such as the CEO or CFO, the larger rewards involved mean that the hackers will take more care over the appearance of the email, copying email signatures, branding and logos.  It is also apparently sent from a trusted source.

How can you protect yourself?

Being aware of the potential threat will go a long way to keeping you safe.

In a busy office, you won’t always have time to inspect every email thoroughly, so consider using spam filtering to block harmful messages.  Good antivirus, strong passwords and an automated backup of your data also helps.

At Computer Troubleshooters we have other security solutions to stop the cyber criminals in their tracks.  Is it time for you to review your cyber security?

When it comes to spear phishing, may you be the one that got away!