Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Hackers’ spear phishing attacks mean business

Hackers’ spear phishing attacks mean business

Spam warning

When people talk about online security they often bring up the need for long and complicated passwords, but strong passwords alone aren’t enough to keep your business safe. Rather than cracking passwords, many recent high-profile business hacks have been the result of hackers tricking staff into clicking on malicious links in emails.

The links often install hidden spyware or grant backdoor access to staff accounts, letting hackers delve further into the organisation. If you think of it like robbing a bank, hackers have found that it’s easier to trick staff into opening the vault rather than trying to crack the combination.

I think we’ve all received spam with eye-catching subject lines such as “you won’t believe this photo of you I found online”. Click on the link or open the attachment and you might unwittingly infect your computer and grant hackers access to your online accounts.

Such scams are known as “phishing” attacks and are aimed at thousands of people, hoping that a handful will take the bait. Phishing attacks aren’t just limited to email, they can also come via instant messaging or social media – any medium which lets hackers tempt you to click on a file or link.

Alternatively you might receive an email from your bank or IT help desk asking you to confirm your details or reset your password. In actual fact you’re handing over your details to hackers. A link might take you to a genuine-looking website which is really a spoof site designed to trick you into handing over your password and other information.

“Spear phishing” attacks involve the same tricks, but these attacks are designed to penetrate the defences of a specific business. Recently high-profile spear phishing attacks have successfully penetrated several major tech companies and news organisations.

Because they’re targeted at specific organisations, spear phishing efforts are much harder to detect than random phishing attacks in broken English. Hackers craft genuine-looking emails and send them to specific staff, often including personal and corporate details to help the email appear more genuine.

These details are often gleaned from the corporate website and social media. The emails might even appear to come from someone else within the organisation, who may have already been hacked.

Rather than spread their spear phishing emails company-wide, hackers can study online corporate directories to handpick their targets and avoid tech-savvy IT staff who are more likely to detect such schemes. The idea is to target someone who won’t question a genuine looking email and will click on the link without thinking twice. Spear phishing attacks can be quite sophisticated and are often used in combination with other tricks as part of a larger scam.

So how do you protect yourself and your business against spear phishing? Unfortunately, there’s no magic bullet. The safest strategy is a combination of staff awareness and technological countermeasures. Start by ensuring anti-virus, anti-malware and anti-spam protection are up-to-date, to hopefully stop spear phishing attacks even reaching their targets.

Also ensure that key software is kept up-to-date with the latest security patches – not just Windows but also software such as Microsoft Office, Adobe Reader, Adobe Flash and Java along with the various web browsers and instant messaging clients.

Of course, the most effective last line of defence is educating staff regarding the dangers of spear phishing and teaching them to think twice before clicking on unusual or unexpected links – even if they seem to come from people they trust. Also cover the basics of online stranger danger and handing over personal information such as passwords, even if they seem like genuine requests.

Acceptable Usage Policies regarding the personal use of work computers might also help reduce the risk from spear phishing. Scammers are known to target personal email and social media accounts in an effort to hack into business systems, relying on the fact that most people are rather lax when it comes to their personal online security.

As a business your staff are probably your greatest asset, but they can also be your weakest link when it comes to security. Alerting them to the dangers of spear phishing might be your best line of defence.

FacebookTwitterGoogle+Share

About Author

David Hancock

David Hancock is the founder and managing director of Geeks2U, a national on-site computer repair and support company.

Recent News

pc-clean

Most people, if given the choice, will try to skip out on doing the evening dishes, or for that matter even loading a dishwasher. It’s not exactly the most thrilling of chores to undertake, but if you don’t clean your dishes somehow, everything ends up dirty and unusable. It’s much the same story for your… More 

fb

Facebook is a service beloved by many, because it makes it so very easy to keep in touch with friends, family, acquaintances and more in an environment that’s generally easy to use and that can be quite fun. It’s one of the world’s busiest web sites, and one of the tech world’s most valuable companies…. More 

browsers

The chances are good that when you browse the web, you’re doing so via Google’s own particular browser, Google Chrome. Chrome has anywhere between 47% to 60% of the browser market sewn up. That might not seem that impressive, but the next largest market share is usually given to Apple’s Safari browser at between 13%… More 

mackeyboarda

Apple sells itself as a premium brand, both in style terms, but also for the quality of the computing equipment it sells. That’s a proposition that can very much become quasi-religious for some folks, although few would suggest that Apple sells bad computing equipment. Wherever you sit on that spectrum, there’s no doubting that consumers… More