Spear phishing is one of the most reliable social engineering methods employed by hackers. The Exclusive
These numbers increase when it comes to more targeted attacks on CEOs.
Spear phishing is an attack aimed at a specific target, in which the hacker creates a false narrative or poses as a trusted person to steal credentials or information that may be used to infiltrate your networks or to install malware. Generally, it is an email sent to a targeted individual or group that seems to come from a secure or known source.
Exclusive Networks, together with Varonis, a brand it distributes worldwide, shares 7 tips to help you (and your company) avoid becoming a victim of a spear phishing attack.
- Be skeptical: if you want to avoid being cheated, you need to question both yourself and whoever sent you the email or message. As a general rule, do not immediately comply with the first request received. Ask questions: “Why do I need this?” “What can you do with this data?” And be ready to say: “No, I will not buy a gift card.”
- Be aware of your online presence: spear phishing practitioners depend on a certain amount of familiarity with the target. The more information you share with the general public, the more information you are passing on to a spear phisher.
- Inspect the link: visually inspect the links you receive in your emails by hovering over them. Hackers are very good at masking URLs or making them look similar enough to fool our brains into thinking they are okay. Check and validate the links.
- Do not click on the link: instead of clicking the link in the email, use your browser and manually navigate to the destination. Avoiding a link sent in a spear phisher's email goes halfway to ensuring that you are not directed to a malicious website. Make it a habit to reach the sites you trust not by clicking a link but by typing the https address or using your browser favorites.
- Be smart with your passwords: we all know that a modern computer can easily break a short password. You must use passwords with at least 16 alphanumeric characters: write them down or use a password generator service. Changing passwords regularly and practicing basic Internet security to keep your data safe are also recommended.
- Keep your software up-to-date: security specialists and malware vendors are locked in a real cyber race that leaves us all caught in the middle. Security experts do their best to update their antivirus and security software to address the latest known attacks and patch vulnerabilities. But attacks keep evolving and new opportunities for them keep appearing. As a consumer, it is important to stay current: fix vulnerabilities and update security and software configurations.
- Implement a company-wide data security strategy: if 1 in 100 attempts at spear phishing succeeds, some of your data is more than likely to be compromised. A compromised user can put the entire network at risk. Implement a layered security approach to protect your business against spear phishing, and never underestimate the value of educating employees with security awareness training.
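
The "Inspect the link" tip can be partly automated when triaging a reported message. The Python sketch below is an added example, not code from Exclusive Networks or Varonis: it compares the text each link displays with the host it really points to and flags other common disguises. The names `SAMPLE`, `AnchorCollector`, `split` and `inspect_links` are illustrative, and the sample email body is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = (  # constructed e-mail body, not taken from a real message
    '<a href="https://example.com/account">https://example.com/account</a>'
    '<a href="https://login.example.net/reset">www.example.com</a>'
    '<a href="http://example.com@203.0.113.7/pay">Pay invoice</a>'
    '<a href="https://xn--exmple-cua.com/">Sign in</a>'
)

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start a fresh text buffer for this anchor
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at each <a>, read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def split(value):
    """(scheme, netloc, lower-cased host) of a URL or bare 'www.site.tld/x'."""
    try:
        p = urlsplit(value if "//" in value else "//" + value)
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "", "", ""
    return p.scheme, p.netloc, (p.hostname or "").lower()

def inspect_links(html):
    collector = AnchorCollector()
    collector.feed(html)
    findings = []  # [(href, [reasons])] for http(s) links needing a second look
    for href, text in collector.links:
        scheme, netloc, host = split(href)
        if scheme not in ("http", "https"):
            continue  # mailto:, relative and unparseable links are skipped
        shown = split(text)[2] if "." in text and " " not in text else ""
        checks = [
            (scheme == "http", "not https"),
            ("@" in netloc, "userinfo before @ hides the real host"),
            ("xn--" in host or not host.isascii(), "punycode/non-ASCII host"),
            (bool(shown) and shown != host, f"text shows {shown}, goes to {host}"),
        ]
        if reasons := [msg for hit, msg in checks if hit]:
            findings.append((href, reasons))
    return findings
```

The checks are heuristics: link text such as a file name containing a dot can trigger the mismatch rule, so treat findings as prompts for manual review rather than verdicts.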