
What Is Spear Phishing and How Can a Company Prevent It?

February 13, 2020 at 9:46 AM / by Juan Fernandez - VP of Managed IT Services

Think your company is entirely impervious to phishing? Think again. Network security may have evolved, but so have the criminals it’s trying to stop. In 2019, phishing took on a new and more sinister tone. It’s called spear phishing, and companies need to be on the lookout for it.

Phishing involves sending counterfeit emails disguised as legitimate communications from organizations like banks or business services. Carefully crafted to look like the real deal, they attempt to trick employees and private citizens into handing over login credentials. Phishers are betting that people expect these communications and won’t look too closely at the actual email.

They work. Cisco estimates that 85 percent of all email was spam, much of it phishing. As most companies rely on emails to communicate, phishing represents a serious concern. Read on to learn about phishing’s more specialized cousin, spear phishing, and how to protect against this latest redesign of one of the oldest cyberattack strategies in the book.

Spear-Phishing: A New Take on an Old Trick

According to Cisco, spear-phishing is a specialized form of phishing. Rather than sending blanket phishing emails to a list of targets, spear phishing is explicitly tailored to the recipient.

The cybercriminal conducting the spear-phishing will spend time researching both the company itself and the individuals who are most susceptible to an attempt. Exactly who that person is may vary, and no role is inherently safer or more at risk. Cisco discovered that CEOs and high-level executives were just as likely to be targets of spear-phishing attempts as lower-level employees.

Likewise, the nature of a spear-phishing email will change according to the target. High-level executives frequently received spear-phishing emails mimicking investment firms, banks, or business services. Lower-level employees, however, received something substantially more frightening: the business email compromise (BEC) attack.

BEC attacks are a spear phishing tactic that spoofs the email of an executive or high-level manager in a company, sending an email to an employee that instructs them to carry out seemingly legitimate business functions. According to Cisco, 2019 saw an uptick in this new type of attack.
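A minimal check for the executive-impersonation pattern described above, as an added example that is not part of the original article: it flags mail whose display name matches an executive while the address is outside the company domain, and mail whose Reply-To domain differs from the From domain. The company domain, executive names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the company domain and the executive names
# are constructed placeholders, not values from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"dana reyes", "morgan lee"}


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def bec_findings(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Normalise the display name so "Dana  REYES" still matches.
    is_exec_name = " ".join(name.lower().split()) in EXECUTIVES
    if is_exec_name and domain_of(addr) != COMPANY_DOMAIN:
        findings.append("executive display name on external address")
    if reply_to and domain_of(reply_to) != domain_of(addr):
        findings.append("Reply-To domain differs from From domain")
    return findings


# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Dana Reyes" <dana.reyes@examp1e-mail.test>\n'
    "Reply-To: payments@other.test\n"
    "To: clerk@example.com\n"
    "Subject: Urgent wire transfer\n\n"
    "Please process this today.\n"
)
LEGIT = (
    'From: "Dana Reyes" <dana.reyes@example.com>\n'
    "To: clerk@example.com\n"
    "Subject: Quarterly numbers\n\n"
    "See attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_findings(raw))
```

A check like this only looks at header fields the sender controls, so it complements rather than replaces the out-of-band confirmation step.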

Tips for Preventing Spear Phishing

Phishing is getting harder to prevent because cybercriminals are getting craftier. If the spate of BEC attacks this year is any indication, hackers are willing to spend the time and effort to research their targets to create a targeted email that slips right past even the most advanced security.

However, there are still tactics companies can implement to prevent spear phishing attempts from being successful. Some countertactics include:

  • Establish an email communication policy: Provide clear guidelines to employees regarding who might email them, when, and why. Instruct employees never to click links or forward confidential information via email. Provide a list of safe login URLs for any business services.
  • Use multi-factor authentication on accounts: Mandate the use of multi-factor authentication so that even if login credentials fall into the wrong hands, attackers will be unable to access accounts without the additional step.
  • Confirm suspicious emails before interacting with them: Train employees to reach out to colleagues in other ways if they feel that an email that they’ve received is illegitimate.
  • Educate staff frequently: Yearly refreshers on cybersecurity and internet safety aren’t enough. Aim to provide short refreshers at least every few months.

How Managed IT Services Can Help

Managed IT services can be a smart move for companies seeking to augment their email security. With the help of these seasoned professionals, companies can beef up their network security. They’ll always be on the lookout to thwart, prevent, and even deter cybercriminals. Managed IT services can:

  • Deploy more sophisticated cybersecurity strategies, such as the use of artificial intelligence to identify and block spear phishing attacks.
  • Properly configure email and internet servers to prevent or quickly spot and remove unauthorized connections.
  • Free up the internal IT department to focus on other aspects of the company’s IT infrastructure.
  • Help promote security best practices and the creation of a security-oriented company culture.

ImageNet Helps Companies Avoid Getting Duped

Phishing is one of the oldest tricks in the book, originating in the early 1990s when email gained popularity. Today, phishing attacks have evolved into a set of sophisticated strategies that are increasingly difficult to spot. The latest evolution of phishing, spear-phishing, is a dangerous tactic capable of fooling even the most diligent of email recipients. It also shows that a company’s data is so valuable that hackers will spend the energy necessary to create a cleverly crafted email that works.

ImageNet Consulting helps companies secure their networks and prevent cyberattacks of all kinds. Start a conversation with us today to discuss your company’s unique cybersecurity needs.

Topics: MIT

Written by Juan Fernandez - VP of Managed IT Services

Juan Fernandez’s 26-year career in the IT industry is a testament to his investment in improving business outcomes with technology and developing the IT industry. His entire career is dedicated to improving service delivery by embracing effective and efficient use of technology through a vision of technology, security, and compliance for small business, government, education, healthcare, and financial industries. Mr. Fernandez has created effective business models for delivering IT-based services such as DaaS, SaaS, DRaaS, HaaS, XaaS, and promoting online development opportunities to increase individual self-service capabilities and leading strategic initiatives to effectively transform technology to be simple, flexible, adaptable, and responsive to the customer needs. He has focused his career on educating customers and companies on his Making “IT” Simple approach. Mr. Fernandez was recognized at HP’s Global Partner Event in 2019 as HP DaaS Innovator of the Year, alongside ImageNet’s HP Partner of the Year award for 2019. Juan and the ImageNet team won Continuum’s 2019 “Growth Partner of the Year” and “Hyper Growth Partner” for 201% growth in 12 months. Mr. Fernandez is part of the select group who writes the CompTIA A+, Network +, Security + Tests, and sits on the CompTIA Subject Matter Expert Technical Advisory board and the CompTIA Channel Advisor board. He was elected Vice-Chair in 2020. He was the winner of the 2018 Continuum MSP Shark Tank for best security and services presentation, which set the stage for an all-inclusive Security and Device-as-a-Service model, establishing the framework for channel and MSP models. Juan sits on the Forbes Magazine Technology Council, Konica Minolta Global IT Services Council, Unitrends Partner Advisory board, HP DaaS Advisory Committee for Device-as-a-Service, WatchGuard Advisory Board, serves as a Channel Futures MSP Mentor and works with many other channel companies to develop the future of technology and XaaS models.
