Criminals are changing the way they use phishing campaigns, targeting upper management and CEOs. Microsoft is warning users of an increase in “laser phishing”, or “spear phishing” attacks. Microsoft data shows traffic associated with phishing campaigns doubled year over year in September.
A spear phishing attack targets a specific person. This person receives messages from someone they purportedly know or are familiar with. Typically, the email will look like it is coming from this person’s boss or someone even higher up in the company they are working for. A spear phishing attack takes much more time and effort on the part of the criminal to find out everything they can about the person they are attacking. Criminals are using social media to find out things this person is interested in, place of employment, friends, and travel.
This is a big change from phishing attacks we are used to seeing. A normal phishing attack sends out a more generic email to many users often trying to get them to click on a link in an email, or enter a username and password, like your Amazon account information for instance. We talked about this example in our Social Engineering video you can see HERE.
There have been reports of employees in the financial department of a company receiving emails from the CFO or CEO telling them to transfer money to a specific account for an urgent deal they are making. This new form of phishing cost US businesses over a billion dollars in 2018.
What this means for your business:
Educate your users on this new form of phishing. Public facing users are more susceptible like HR recruiters, customer service, and even some admin roles. Your users can be your biggest asset against attacks, or your biggest liability.
Be aware of what personal information you have on social media. Is there anything on there you wouldn’t want a potential scammer to see? Double check your privacy settings and make sure they are set to a level you are comfortable with.
Use smart passwords and two-factor authentication where possible. Don’t use the same password over and over. There are secure password managers that can help manage passwords and keep accounts secure. Microsoft found that using two-factor authentication blocks 99.9% of automated attacks.
Keep your systems patched and updated. When software companies find tactics being used by criminals, they update the software to block some of these attacks. If you are not updating your systems on a regular basis, you are leaving yourself open to known hacking methods.
Do not click links in emails. If there is any question the email could be fake, go straight to the source instead of clicking the link.
Quanexus IT Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
