Thursday, February 11, 2016

What is Spear Phishing?

The Increased Need for Cyber Security

In a world revolving around technology, business need to understand the importance of not only protecting their physical store, products, etc., but also their information. Increases and advances in technology lead to increased cyber crime. Insure the Lake wants to make sure you're aware of the possible threats related to cyber crime and how to protect yourself and your business.

Spear Phishing

You've probably heard of "phishing," a type of cyber attack in which the hacker disguises himself as a trusted source online in an attempt to acquire sensitive information. Now, more resourceful criminals are resorting a more sophisticated technique called "spear phishing." With this new technique, the scammer uses personal information to pose as colleagues or other sources specific to individuals or businesses. Due to the personal information involved, these attempts at cyber crime are much more believable than traditional phishing attempts. Any information posted online can potentially be used as bait in an attack. The more the criminal learns about a potential victim, the easier it is for them to gain the victim's trust. Once that trust is there, the hacker will usually make a reasonable request such as to click a link or open an attachment.

Personal Risk 

One common example you may have witnessed is when you receive a Facebook friend request from someone you thought you were already friends with. The scammer will take your friend's name and profile picture, setup a new account and then try to add you as a friend. Anytime you get a friend request, be sure to go to that profile and make sure it's actually your friend's page and not a fake profile before accepting it. Falling victim to one of these attacks can provide the hacker with all the personal information on your computer. 

Business Risk 

For businesses, the potential risk for spear phishing is monumental. According to the Internet Crime Complaint Center, there were over 120,000 cyber crime-related complaints against businesses last year. This resulted in loss of over $800 million. A large majority of these attacks involved spear phishing, as the messages are designed and customized to make the victims feel safe and secure. Even if spear phishing perpetrators target just one employee, it can put your entire business at risk. Falling for an attack like this gives the hacker access to any information they want across the entire network. A successful spear phishing attack often goes unnoticed, which increases the risk of large and continued losses.

Protecting Your Business

While it's impossible to completely avoid these types of cyber risks, there are some things you can do to protect your business from further damage. Be sure to educate your employees on how to reduce the risk of cyber crimes in your workplace by discussing these simple techniques:
  • Never send financial or personal information electronically, even if you know the recipient well. It may be possible for a third party to intercept this information, especially if the recipient is later subject to a spear phishing attack. 
  • Be cautious when you are asked to divulge personal information in an email. Even if it appears to be from a trusted source, it could be a hacker impersonating another person or group.
  • Only share personal information on secure websites or over the phone. When in a Web browser, you can ensure a website is secure when you see a lock icon in the URL bar, or when an “s” is present in the “https” of a URL. The “s” stands for “secure” at the end of the normal “http”.
  • Some spear-phishing schemes use telephone numbers, so be sure to never share information over the phone unless you initiate the call to a trusted number.
  • Never click on links or open attachments from unknown sources. Even opening a file that seems familiar can give a spear phishing attacker access to personal information stored on your device.
  • Ensure that your company’s security software is up to date. Firewalls and anti-virus software can help protect against spear phishing attacks.
  • Encourage employees to think twice about what they post online. Spear phishing hackers often attain personal information through social media sites. Make sure that employees know how to keep this information private to protect their own security as well as that of your business.
  • Regularly check all online accounts and bank statements to ensure that no one has accessed them without authorization.
  • Never enter any personal or financial information into a pop-up window or a Web browser.

If you think your business has been the target of a cyber attack, it's important to act quickly in order to limit potential losses. Your first step should be to change all your passwords to accounts connected to sensitive business information. You'll also want to obtain a list of recent and pending transactions. If necessary, you may need to contact law enforcement. Next an IT consultant should look for any vulnerabilities that remain on your network and advise how to avoid future attacks. In addition to working to prevent cyber attacks, it's important that your business has the proper Lake of the Ozarks insurance coverage for these cyber situations. Give the best insurance company at the Lake of the Ozarks a call at 573-348-2794 to discuss coverage options and make sure you're business is fully protected!

Request a Free Quote Online! Contact Insure the Lake today for all your Lake of the Ozarks insurance needs! 

About the Author: Steve is a double back-flip insurance ninja. He was named Young Insurance Agent of the Year by the Missouri Association of Insurance Agents in 2010 and is a Certified Insurance Counselor. When he is not helping customers, he enjoys community service, Latin dancing with his beautiful wife and going on adventures with his two awesome sons.

Steve Naught, CIC
3736 Osage Beach Parkway
Osage Beach, MO 65065
Next to Golden Coral