Spearfishing is exactly what you think it is and civilisations have used the method to feed from marine life for centuries. Spear phishing, on the other hand, is a relatively new way for hackers to feed from sensitive information online for their own malicious gain; be it financial, political or to cause disruption and embarrassment.
This month, we commissioned a survey of 263 IT professionals in Irish businesses via TechPro magazine. The research gave us insights into how cyber security is driving change within organisations and IT departments.
The research also discovered continued targeted attacks using relatively simple but highly effective means, such as phishing, against individuals within organisations. More than 48% of organisations said an employee was the subject of a personal, targeted or spear phishing attempt. In excess of a quarter organisations said they did not know if a member of their organisation had been targeted.
Spear phishing usually looks like an email pretending to be from someone you know or another credible source like a bank or well-known brand. The origins of the email however are actually more nefarious and the sender is looking to extract money from the target or gain unauthorised access to confidential data. Signs like strange language or phrasing in the email can set off alarm bells, but often it’s hard to recognise such an attempt to hack.
A recent Verizon data breach reports said 23% of people who receive a phishing email will open it. A further 11% will go on to click on the link or attachment. Phishing in all its guises; general, spear and whale; continues to be a very effective way for the “bad guys” to cause both personal and organisational damage.
How to recognise phishing?
It can sometimes be hard to spot in the heat of a busy work environment and overloaded inbox, but we all need to think twice about received emails. Remember, if in doubt – ask IT or a trusted information security expert. Here are some pointers to think about before you open an email.
- Is this a credible source?
- Does this person or organisation normally communicate with me in this way?
- Do not divulge personal or financial information; a phone call to the supposed requester is best to check validity
- Reduce spam as much as you can and make sure you have good quality firewalls, AV and other appropriate technical solutions in place
- Thinks twice before clicking links, downloading files or opening attachments
- Beware of pop-ups