Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Hackers’ spear phishing attacks mean business

Hackers’ spear phishing attacks mean business

Spam warning

When people talk about online security they often bring up the need for long and complicated passwords, but strong passwords alone aren’t enough to keep your business safe. Rather than cracking passwords, many recent high-profile business hacks have been the result of hackers tricking staff into clicking on malicious links in emails.

The links often install hidden spyware or grant backdoor access to staff accounts, letting hackers delve further into the organisation. If you think of it like robbing a bank, hackers have found that it’s easier to trick staff into opening the vault rather than trying to crack the combination.

I think we’ve all received spam with eye-catching subject lines such as “you won’t believe this photo of you I found online”. Click on the link or open the attachment and you might unwittingly infect your computer and grant hackers access to your online accounts.

Such scams are known as “phishing” attacks and are aimed at thousands of people, hoping that a handful will take the bait. Phishing attacks aren’t just limited to email, they can also come via instant messaging or social media – any medium which lets hackers tempt you to click on a file or link.

Alternatively you might receive an email from your bank or IT help desk asking you to confirm your details or reset your password. In actual fact you’re handing over your details to hackers. A link might take you to a genuine-looking website which is really a spoof site designed to trick you into handing over your password and other information.

“Spear phishing” attacks involve the same tricks, but these attacks are designed to penetrate the defences of a specific business. Recently high-profile spear phishing attacks have successfully penetrated several major tech companies and news organisations.

Because they’re targeted at specific organisations, spear phishing efforts are much harder to detect than random phishing attacks in broken English. Hackers craft genuine-looking emails and send them to specific staff, often including personal and corporate details to help the email appear more genuine.

These details are often gleaned from the corporate website and social media. The emails might even appear to come from someone else within the organisation, who may have already been hacked.

Rather than spread their spear phishing emails company-wide, hackers can study online corporate directories to handpick their targets and avoid tech-savvy IT staff who are more likely to detect such schemes. The idea is to target someone who won’t question a genuine looking email and will click on the link without thinking twice. Spear phishing attacks can be quite sophisticated and are often used in combination with other tricks as part of a larger scam.

So how do you protect yourself and your business against spear phishing? Unfortunately, there’s no magic bullet. The safest strategy is a combination of staff awareness and technological countermeasures. Start by ensuring anti-virus, anti-malware and anti-spam protection are up-to-date, to hopefully stop spear phishing attacks even reaching their targets.

Also ensure that key software is kept up-to-date with the latest security patches – not just Windows but also software such as Microsoft Office, Adobe Reader, Adobe Flash and Java along with the various web browsers and instant messaging clients.

Of course, the most effective last line of defence is educating staff regarding the dangers of spear phishing and teaching them to think twice before clicking on unusual or unexpected links – even if they seem to come from people they trust. Also cover the basics of online stranger danger and handing over personal information such as passwords, even if they seem like genuine requests.

Acceptable Usage Policies regarding the personal use of work computers might also help reduce the risk from spear phishing. Scammers are known to target personal email and social media accounts in an effort to hack into business systems, relying on the fact that most people are rather lax when it comes to their personal online security.

As a business your staff are probably your greatest asset, but they can also be your weakest link when it comes to security. Alerting them to the dangers of spear phishing might be your best line of defence.

Share

About Author

David Hancock

David Hancock is the founder and managing director of Geeks2U, a national on-site computer repair and support company.

Recent News

Popular social media destination Facebook made worldwide headlines recently, and not for the kinds of reasons that Facebook might want to be noticed. That’s because for a roughly 12 hour period, access not just to Facebook, but also Instagram and Whatsapp — all services owned and operated by Facebook — consumers worldwide had issues connecting… More 

There’s a well-known test that taxi drivers in London have to sit, called “The Knowledge”, that can take years to pass, detailing just about every street in the UK’s very disorganised capital road system. It’s tough learning that many roads, although it may have side benefits, with some studies suggesting that London black cab drivers… More 

Not that long ago, Apple surprised everyone by updating its line of Mac Mini computers. The Mac Mini isn’t like any other Mac that Apple sells. Where much of its output is in laptops, or the 2-in-1 style iMac computers, the Mac Mini is instead a “headless” computer — a fancy way of saying that… More 

There’s been a lot of speculation around foldable phones in the past 12 months, fuelled by the hype from the manufacturers busy producing devices that can fold from phone to tablet and back again — or even crazier concepts, like phones that become slap bands when you place them around your wrist. That latter idea… More