Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Hackers’ spear phishing attacks mean business

Hackers’ spear phishing attacks mean business

Spam warning

When people talk about online security they often bring up the need for long and complicated passwords, but strong passwords alone aren’t enough to keep your business safe. Rather than cracking passwords, many recent high-profile business hacks have been the result of hackers tricking staff into clicking on malicious links in emails.

The links often install hidden spyware or grant backdoor access to staff accounts, letting hackers delve further into the organisation. If you think of it like robbing a bank, hackers have found that it’s easier to trick staff into opening the vault rather than trying to crack the combination.

I think we’ve all received spam with eye-catching subject lines such as “you won’t believe this photo of you I found online”. Click on the link or open the attachment and you might unwittingly infect your computer and grant hackers access to your online accounts.

Such scams are known as “phishing” attacks and are aimed at thousands of people, hoping that a handful will take the bait. Phishing attacks aren’t just limited to email, they can also come via instant messaging or social media – any medium which lets hackers tempt you to click on a file or link.

Alternatively you might receive an email from your bank or IT help desk asking you to confirm your details or reset your password. In actual fact you’re handing over your details to hackers. A link might take you to a genuine-looking website which is really a spoof site designed to trick you into handing over your password and other information.

“Spear phishing” attacks involve the same tricks, but these attacks are designed to penetrate the defences of a specific business. Recently high-profile spear phishing attacks have successfully penetrated several major tech companies and news organisations.

Because they’re targeted at specific organisations, spear phishing efforts are much harder to detect than random phishing attacks in broken English. Hackers craft genuine-looking emails and send them to specific staff, often including personal and corporate details to help the email appear more genuine.

These details are often gleaned from the corporate website and social media. The emails might even appear to come from someone else within the organisation, who may have already been hacked.

Rather than spread their spear phishing emails company-wide, hackers can study online corporate directories to handpick their targets and avoid tech-savvy IT staff who are more likely to detect such schemes. The idea is to target someone who won’t question a genuine looking email and will click on the link without thinking twice. Spear phishing attacks can be quite sophisticated and are often used in combination with other tricks as part of a larger scam.

So how do you protect yourself and your business against spear phishing? Unfortunately, there’s no magic bullet. The safest strategy is a combination of staff awareness and technological countermeasures. Start by ensuring anti-virus, anti-malware and anti-spam protection are up-to-date, to hopefully stop spear phishing attacks even reaching their targets.

Also ensure that key software is kept up-to-date with the latest security patches – not just Windows but also software such as Microsoft Office, Adobe Reader, Adobe Flash and Java along with the various web browsers and instant messaging clients.

Of course, the most effective last line of defence is educating staff regarding the dangers of spear phishing and teaching them to think twice before clicking on unusual or unexpected links – even if they seem to come from people they trust. Also cover the basics of online stranger danger and handing over personal information such as passwords, even if they seem like genuine requests.

Acceptable Usage Policies regarding the personal use of work computers might also help reduce the risk from spear phishing. Scammers are known to target personal email and social media accounts in an effort to hack into business systems, relying on the fact that most people are rather lax when it comes to their personal online security.

As a business your staff are probably your greatest asset, but they can also be your weakest link when it comes to security. Alerting them to the dangers of spear phishing might be your best line of defence.


About Author

David Hancock

David Hancock is the founder and managing director of Geeks2U, a national on-site computer repair and support company.

Recent News

As I’m writing this, the Consumer Electronics Show that would usually take place in Las Vegas is instead being staged entirely online, due to the ongoing pandemic issues. CES has for the longest time been the place where big consumer electronics companies show off their latest TV innovations, and while it’s not debuting this year,

Like many Australians, I survive our hotter summer months thanks to the invention of air conditioning. Not that I can’t sweat it out when I have to, but equally, a good AC unit can make a hotbox of a home into something considerably more comfortable. Air conditioning isn’t a new invention – I looked it

While it has a lot of products in the tech space, for many people Google is synonymous with the product that made its fortune in the first place. Indeed, for a lot of folks, the words “search” and “Google” are freely interchangeable when they’re talking about looking up online content, no matter what that content

We’ve had speakers in our homes for many years now, but the advent of the “smart” speaker is a relatively new phenomenon. If you’re wondering what the difference is, it’s fundamentally to do with the inclusion of a microphone, an internet connection and a smart assistant that can hook into streaming music services as well

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More