credit card spear phishing attacks

What is spear phishing and how do I defend against it?

Did you know more than 85% of emails consumers receive are considered spam? An email encouraging you to buy something or visit a new website may not seem dangerous, but it can be—especially if the email is a phishing attempt.

Phishing is a tactic employed by cybercriminals to trick users into clicking a link or providing sensitive data like usernames, passwords, or account numbers. This technique generally involves emails from addresses that appear to be legitimate. Spear phishing differs from regular phishing in that the attack is more targeted and the attacker has taken time to gather information about the target in an attempt to make the attack seem more legitimate.

If you manage a large team of employees, letting them know about the dangers of spear phishing is essential. With knowledge, training, and the help of expert managed IT security services, you can combat these attacks and others like them with ease.

Think before you click. Follow these tips to protect yourself and your network from spear phishing attacks.

Follow the “check it twice click it once” policy

The first thing you should do before clicking or replying to an email is to inspect it for signs it might be a phishing attempt. If there are links in the email, don’t click them yet! Instead, hover over the link to see the destination website address. Look at it carefully. Even little changes, like an extra letter or misspelled word, can make a fake website look legitimate.

Often times, hackers will hide malicious URLs in links of words like “click here” or “read more.” While you may be tempted to click these links, get in the habit of checking the URL first. If it’s not from a website you know and trust, simply don’t click it.

Taking the time to thoroughly vet each email can help you can avoid clicking on a malicious link that could compromise your network.

Verify email authenticity

Hackers often use email addresses that are one or two characters off from actual legitimate accounts. If you receive a weird email from an address you think you recognize, reach out to the sender (not by replying to the email in question) to verify its authenticity.

Encouraging your team to vet strange emails from trusted accounts is also important. The more information you can provide your team regarding how to avoid these attacks, the easier you will find it to keep your network and data safe.

If you or your employees are unable to verify the legitimacy of an email, delete or quarantine it.

Avoid sending sensitive information via email

Train your employees to never email sensitive information, like passwords, social security numbers, or account numbers. Regardless of who is requesting the information, sending it in an email can put your information at risk and may lead to identity theft. Most legitimate businesses will never ask for sensitive information in an email and instead will provide alternate means of submitting information, like a secure, encrypted website.

You should also train your team to alert management if they receive a suspicious email. Because all email addresses within a company may have been targeted, recognizing attacks and warning employees about them as soon as possible can help prevent people from falling victim to it.

For more ways to keep your network safe and secure, contact your managed IT services provider. From continuous network monitoring to security assessments, they can help keep your network and your business safe.