
Hackers’ spear phishing attacks mean business


When people talk about online security they often bring up the need for long and complicated passwords, but strong passwords alone aren’t enough to keep your business safe. Rather than cracking passwords, many recent high-profile business hacks have been the result of hackers tricking staff into clicking on malicious links in emails.

The links often install hidden spyware or grant backdoor access to staff accounts, letting hackers delve further into the organisation. If you think of it like robbing a bank, hackers have found that it’s easier to trick staff into opening the vault rather than trying to crack the combination.

I think we’ve all received spam with eye-catching subject lines such as “you won’t believe this photo of you I found online”. Click on the link or open the attachment and you might unwittingly infect your computer and grant hackers access to your online accounts.

Such scams are known as “phishing” attacks and are aimed at thousands of people, hoping that a handful will take the bait. Phishing attacks aren’t limited to email; they can also come via instant messaging or social media – any medium which lets hackers tempt you to click on a file or link.

Alternatively you might receive an email from your bank or IT help desk asking you to confirm your details or reset your password. In actual fact you’re handing over your details to hackers. A link might take you to a genuine-looking website which is really a spoof site designed to trick you into handing over your password and other information.

“Spear phishing” attacks involve the same tricks, but these attacks are designed to penetrate the defences of a specific business. Recently, high-profile spear phishing attacks have successfully penetrated several major tech companies and news organisations.

Because they’re targeted at specific organisations, spear phishing efforts are much harder to detect than random phishing attacks in broken English. Hackers craft genuine-looking emails and send them to specific staff, often including personal and corporate details to help the email appear more genuine.

These details are often gleaned from the corporate website and social media. The emails might even appear to come from someone else within the organisation, who may have already been hacked.

Rather than spread their spear phishing emails company-wide, hackers can study online corporate directories to handpick their targets and avoid tech-savvy IT staff who are more likely to detect such schemes. The idea is to target someone who won’t question a genuine-looking email and will click on the link without thinking twice. Spear phishing attacks can be quite sophisticated and are often used in combination with other tricks as part of a larger scam.

So how do you protect yourself and your business against spear phishing? Unfortunately, there’s no magic bullet. The safest strategy is a combination of staff awareness and technological countermeasures. Start by ensuring anti-virus, anti-malware and anti-spam protection are up to date, which will hopefully stop spear phishing attacks from even reaching their targets.

Also ensure that key software is kept up-to-date with the latest security patches – not just Windows but also software such as Microsoft Office, Adobe Reader, Adobe Flash and Java along with the various web browsers and instant messaging clients.

Of course, the most effective last line of defence is educating staff regarding the dangers of spear phishing and teaching them to think twice before clicking on unusual or unexpected links – even if they seem to come from people they trust. Also cover the basics of online stranger danger and the risks of handing over personal information such as passwords, even in response to requests that seem genuine.

Acceptable Usage Policies regarding the personal use of work computers might also help reduce the risk from spear phishing. Scammers are known to target personal email and social media accounts in an effort to hack into business systems, relying on the fact that most people are rather lax when it comes to their personal online security.

Your staff are probably your business’s greatest asset, but they can also be your weakest link when it comes to security. Alerting them to the dangers of spear phishing might be your best line of defence.


About Author

David Hancock

David Hancock is the founder and managing director of Geeks2U, a national on-site computer repair and support company.
