5 Ways To Beat Spear Phishing

For years, criminals have been trying to trick you into giving them money or giving away personal details. Today is no different, it’s just that the method of attack has changed from face-to-face to email, says cyber security commentator Pete Roythorne.

October was European Cyber Security Month (ECSM), but just in case you’re not yet familiar with the term, ‘phishing’ refers to fraudulent email messages appearing to come from legitimate sources. These emails will contain links to malicious websites or have attachments that can download malware to your system.

For years, criminals have been trying to trick you into giving them money or giving away personal details. Today is no different, it’s just that the method of attack has changed from face-to-face to email, says cyber security commentator Pete Roythorne.

October was European Cyber Security Month (ECSM), but just in case you’re not yet familiar with the term, ‘phishing’ refers to fraudulent email messages appearing to come from legitimate sources. These emails will contain links to malicious websites or have attachments that can download malware to your system.

They used to be easy to spot and avoid, but according to Verizon Data Breach research, a massive 30% of phishing emails were opened in 2015 – up from 23% in 2014. At the same time, the number of people clicking on the enclosed link or attachment also rose from 11% to 13%. Figures any email marketer would be proud of, and given the huge numbers of people these emails are distributed to, cause for considerable concern for businesses of all sizes.

 Phishing is getting more sophisticated

Over the past couple of years we’ve seen some scary new developments. Firstly, ‘spear phishing’. These attacks are seeded with specific personal or institutional information in the hope of making the attack more believable. As such they are often much less easily dismissed.

Secondly, ‘whale phishing’ (or CEO fraud), where the scammers target key business functions with emails purporting to come from high-ranking executives, such as the CEO. According to the Anti Phishing Working Group whale-phishing became a major problem in 2015. Initially they started as unsophisticated money transfer requests, but quickly became much more sophisticated.

The FBI reported a 270% increase in global losses to these types of attacks from January to August 2015. The agency also claims that more than 12,000 victims have been affected globally, with average losses of $120,000, but with some companies being tricked into losing as much as $90m.

Beat the phisher men (or women)

With so much of our information available online, from CEOs’ email addresses to even their travel plans, it’s getting easier for cyber criminals to create convincing phishing hooks. And worryingly, it’s often smaller businesses that are the most under threat as they don’t have the robust authorisation policies in place to stop people being conned into passing over huge sums of money.

It really is all too easy to be taken in by phishing scams, particularly with the back stories becoming more and more refined. However, with some simple steps you can make sure your business doesn’t find itself hitting the headlines for all the wrong reasons.