How many friends do you have on Facebook? A hundred? Thousands? And how many of them do you actually know—maybe half? Perhaps less than that? Do you have a Twitter account? How about Pinterest, YouTube, or Google+?
In the age of social media, privacy has become a thing of the past. Information about our likes, our dislikes, who we know, and what we do is all posted on a public bulletin board for anyone to see. And to keep our friend list growing, we don’t hesitate to approve requests from “friends” whether we know them or not.
Hackers and cybercrime organizations, like well-trained military personnel, invest significant time and effort in intelligence gathering and reconnaissance by combing social media networks such as Facebook, Twitter, and YouTube.
“Spear-phishing email attachments are difficult to spot from normal document attachments passed on from user to user each day in a corporate environment, increasing the likelihood of successful computer infection.” — Trend Micro, Spear-Phishing Email: Most Favored APT Attack Bait
Would you open an email message with the subject “You’ve won the lottery” when, in fact, you have never even bought a lottery ticket? All you need to do, says the message, is fill out information in an attached Word document. Chances are you would immediately delete such a message. But what about an email message with a Word file from a friend or colleague?
After choosing you as their target, hackers use social media to learn who you are, what you like, and whom you know. If you get an email message with an attached PDF file from Mike in the accounting department or a message containing a resume related to a position that your company needs to fill, you will most likely open the attachment—and possibly enable a hacker’s malware to access your system. Using the information you most generously posted on the Internet, criminals personalize their attacks to circumvent not only your spam filter but also your ultimate line of defense—your instinct.
“The number of spear-phishing campaigns increased by 8 percent in 2014, while the number of daily attacks decreased as attackers become more patient, lying in wait and crafting more subtle attacks boosted by longer-term reconnaissance.” — Symantec, 2015 Internet Security Threat Report
So what can you do to protect yourself and your business?
- Educate. No matter how well you protect yourself, the weakest link in any organization is the human factor. Educate your employees about cybercrime and ways to protect the company against it. Remind them to always be suspicious of incoming email.
- Stay up to date. Spear phishing was found by Trend Micro to be responsible for 91% of all APTs (Trend Micro, 2012, Spear-Phishing Email: Most Favored APT Attack Bait). Make sure your software is up to date, and keep abreast of security news to find out about the latest zero-day exploits and CVEs.
- Leave it to the pros. No matter how good you think your security is, cybercriminals’ tactics are much better. A well-placed cybersecurity countermeasure can save you precious time and money.
The Votiro Secure Email Gateway eliminates threats before they enter your organization. By scanning and cleansing all files attached to email messages coming into your network, the service helps keep your customers’ credit card information, passwords, and other sensitive data safe.