Targeted (Spear) Phishing Emails
There’s no doubt that you have been told before “don’t click on a suspicious link”, but what happens when that email appears to come from someone you know or work with?
Targeted phishing or spear phishing is an email fraud attempt that targets a specific companies, seeking access to confidential data. These attacks are normally conducted by people who are out for your credit card details, bank account numbers, passwords, a quick money transfer and/or the financial information on your PC. In most cases this may seem strange and easily ignored but how does your company protect its funds and processes against this?
Spear phishing is a more targeted form of phishing, whereas ordinary phishing involves malicious emails sent to any random email account, spear phishing emails are designed to appear to come from someone the recipient knows and trusts.
Although firewall and other security products may help to prevent other kinds of malicious traffic from entering your network, email is generally considered legitimate and trusted traffic and is therefore allowed into the network. Email filtering systems can catch some phishing attempts, but they don’t catch them all.
These phishing emails are very convincing, so much so that they will sometimes have the correct email signature, will reference someone else you know in the email, and they will quite often send reminders and ask for updates on the task. And let’s face it, we skim through our emails so quickly these days trying to get everything done in the 8 hours a day we have that we don’t usually think twice about an email from a known source.
So, what should you take from all this?
While it is convenient to verify business activities i.e. money transfers via email, we would highly (HIGHLY) recommend having a phone or non-email procedure in place to verify this kind of activity. We have seen this type of targeted phishing work in our client base but luckily the internal processes of the client caught it before any damage was done.
Please contact any of our team if you have the slightest concern about an email or any questions about how we can help you protect your business.
Focus Technical Support
- 03 211 0099
- service@focus.net.nz