Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Hackers’ spear phishing attacks mean business

Hackers’ spear phishing attacks mean business

Spam warning

When people talk about online security they often bring up the need for long and complicated passwords, but strong passwords alone aren’t enough to keep your business safe. Rather than cracking passwords, many recent high-profile business hacks have been the result of hackers tricking staff into clicking on malicious links in emails.

The links often install hidden spyware or grant backdoor access to staff accounts, letting hackers delve further into the organisation. If you think of it like robbing a bank, hackers have found that it’s easier to trick staff into opening the vault rather than trying to crack the combination.

I think we’ve all received spam with eye-catching subject lines such as “you won’t believe this photo of you I found online”. Click on the link or open the attachment and you might unwittingly infect your computer and grant hackers access to your online accounts.

Such scams are known as “phishing” attacks and are aimed at thousands of people, hoping that a handful will take the bait. Phishing attacks aren’t just limited to email, they can also come via instant messaging or social media – any medium which lets hackers tempt you to click on a file or link.

Alternatively you might receive an email from your bank or IT help desk asking you to confirm your details or reset your password. In actual fact you’re handing over your details to hackers. A link might take you to a genuine-looking website which is really a spoof site designed to trick you into handing over your password and other information.

“Spear phishing” attacks involve the same tricks, but these attacks are designed to penetrate the defences of a specific business. Recently high-profile spear phishing attacks have successfully penetrated several major tech companies and news organisations.

Because they’re targeted at specific organisations, spear phishing efforts are much harder to detect than random phishing attacks in broken English. Hackers craft genuine-looking emails and send them to specific staff, often including personal and corporate details to help the email appear more genuine.

These details are often gleaned from the corporate website and social media. The emails might even appear to come from someone else within the organisation, who may have already been hacked.

Rather than spread their spear phishing emails company-wide, hackers can study online corporate directories to handpick their targets and avoid tech-savvy IT staff who are more likely to detect such schemes. The idea is to target someone who won’t question a genuine looking email and will click on the link without thinking twice. Spear phishing attacks can be quite sophisticated and are often used in combination with other tricks as part of a larger scam.

So how do you protect yourself and your business against spear phishing? Unfortunately, there’s no magic bullet. The safest strategy is a combination of staff awareness and technological countermeasures. Start by ensuring anti-virus, anti-malware and anti-spam protection are up-to-date, to hopefully stop spear phishing attacks even reaching their targets.

Also ensure that key software is kept up-to-date with the latest security patches – not just Windows but also software such as Microsoft Office, Adobe Reader, Adobe Flash and Java along with the various web browsers and instant messaging clients.

Of course, the most effective last line of defence is educating staff regarding the dangers of spear phishing and teaching them to think twice before clicking on unusual or unexpected links – even if they seem to come from people they trust. Also cover the basics of online stranger danger and handing over personal information such as passwords, even if they seem like genuine requests.

Acceptable Usage Policies regarding the personal use of work computers might also help reduce the risk from spear phishing. Scammers are known to target personal email and social media accounts in an effort to hack into business systems, relying on the fact that most people are rather lax when it comes to their personal online security.

As a business your staff are probably your greatest asset, but they can also be your weakest link when it comes to security. Alerting them to the dangers of spear phishing might be your best line of defence.


About Author

David Hancock

David Hancock is the founder and managing director of Geeks2U, a national on-site computer repair and support company.

Recent News

Video on demand VOD service on smart TV

While Australia’s pay TV giant is dangling the carrot of lower prices and free samples to encourage us to sign up for its Foxtel Play streaming service, it’s also wielding a stick by denying competitors access to popular shows like Game of Thrones and The Walking Dead. For all of Foxtel’s faults, it’s done a… More 


In terms of overall storage security, it’s generally tough to beat cloud-based backup, especially if your cloud provider of choice uses an array of storage locations. With the right provider, your files of choice can be backed up in multiple locations, so even if there’s a massive internet outage, or a fire or some other… More 


After starting out as a minor player, FttDP appears destined to play a key role in Australia’s National Broadband Network. The NBN has become a political football over the last few years, with the network design changing several times along the way. As a result it’s hard to know exactly what kind of connection will… More 


The changing of the seasons presents the perfect opportunity to get into good habits when it comes to keeping your business safe. We all have our annual rituals, like changing the batteries in the office smoke alarm when we adjust the clocks for daylight savings. Just like that smoke alarm, there are digital security issues… More