Spear Phishing - All You Need To Know - Conosco - Conosco

Information and Cyber Security should be a top priority for any business, but a large number of companies are vulnerable to attacks, simply because of a lack of knowledge and awareness. Conosco offers a holistic programme of Information Security Awareness Training, which starts with educating business leaders and employees how to mitigate the risks and impact of cyber attacks and phishing. In this series of blogs, our security analysts explore the measures your business can take to improve your business’ Information and Cyber security.

Hackers go spear phishing

Spear phishing is a targeted attack in which the hacker knows which specific individual or organisation they are after. This differs from the traditional phishing approach, where mass emails are sent to as many people as possible. The hackers will research their target, usually via public sources, in order to make the attack more personalised and increase the likelihood of the target falling into their trap.

When they have gained sufficient information, the cyber criminals send legitimate looking emails to their targets, requesting personal data and offering urgent and realistic explanations as to why they need it. Often, the victims are told to click a link in the email that takes them to a bogus but realistic-looking website, where they are asked to enter access codes, usernames, passwords, personal identification and account numbers. Once criminals have your personal data, they can access bank accounts, use credit cards, and create a new identity using the stolen information.

Don’t get caught

It is easy to get fooled, but you can avoid being caught if you take these precautions:

• Banks, financial institutions and the of majority legitimate companies do not request personal information via email, as a point of policy. If you are unsure, contact the business directly n the phone, but do not use the phone number provided in the email.
• Never click a link that is embedded in an email from an unknown source or that is not correctly addressed to you. Copy and paste the URL manually into a browser to check whether it goes to the true company website with the correct URL.
• Never open attachments from strangers.
• Ask your colleagues and friends to tell you before they send you an attachment or download link.
• If the email appears to be from someone you know, check that the email address of the message sender aligns with their correct address.
• Never share full account login details via email or an instant messaging account that can be stored in email. If a hacker has access to your email account, they will scan for account logons.
• Keep an eye on your personal and business banking account statements for any unusual activity.

Your greatest defence

First and foremost, you must educate your workforce: all employees who have access to your networks must be able to recognise a phishing e-mail as soon as it hits their inbox. Conosco recommends using simulated phishing e-mails to test employees and assess vulnerabilities within the organisation. Conosco partnered with Knowbe4, a world leader in awareness training and phishing simulations, providing real-time e-mail scenarios designed to improve end-user confidence and their ability to recognise phishing attempt along with awareness training.

If you have any questions about the information security of your business, get in touch with one of the experts at the Conosco Security Division: securitydivision@conosco.com

Written by Tiaan Jonck, Security Analyst, Conosco