Don’t Become a Spear-Phishing Target: How to Protect Your Organization

November 30, 2020

How many friends do you have on Facebook? A hundred? Thousands? And how many of them do you actually know—maybe half? Perhaps less than that? Do you have a Twitter account? How about Pinterest, YouTube, or Google+?

In the age of social media, privacy has become a thing of the past. Think about all of the information you’ve given to social media platforms, both knowingly and unknowingly. Whether you’ve logged into a new app using Facebook, or swiped up on an Instagram advertisement, you’re spreading your information wherever you go. Information about our likes, our dislikes, who we know, and what we do is all posted on a public bulletin board for anyone to see. And to keep our friend list growing, we often don’t hesitate to approve requests from “friends” whether we know them or not. Little do we know, however, that in doing so, we’re becoming the perfect spear-phishing targets. Let’s take a closer look at the makings of a spear-phishing target, how you can protect yourself and your organization, and how Votiro can help. 

Finding the Perfect Spear-Phishing Target

Hackers and cyber organizations, like well-trained military personnel, invest significant time and effort in intelligence gathering and reconnaissance by combing social media networks like Facebook, Twitter, and YouTube. In doing so, they are identifying the perfect spear-phishing target. Spear-phishing is a scam, carried out over email or another online communication platform, that targets a specific individual or organization. The goal of spear-phishing is to steal data or, sometimes, install malware on the spear-phishing target’s device. And with the level of information we’re unknowingly handing out on a daily basis, this practice has only gotten easier for hackers.

“Spear-phishing email attachments are difficult to spot from normal document attachments passed on from user to user each day in a corporate environment, increasing the likelihood of successful computer infection.” — Trend Micro, Spear-Phishing Email: Most Favored APT Attack Bait

So, think about it: Would you open an email message with the subject “You’ve won the lottery” when, in fact, you have never even bought a lottery ticket? All you need to do, says the message, is fill out the information in an attached Word document. Chances are you would immediately delete such a message. But what about an email message with a Word file from a friend or colleague? Unfortunately, in the right context and at the right time, it is much easier to fall for a spear-phishing scam. All hackers need to do is refer back to the data they have on you and plot their best move.

Carrying Out a Spear-Phishing Scam

After choosing you as their spear-phishing target, hackers use social media to learn who you are, what you like, and whom you know. If you get an email message with an attached PDF file from Mike in the accounting department, or a message containing a resume related to a position that your company needs to fill, you will most likely open the attachment. From there, you may enable a hacker’s malware to access your system.

Using the information you most generously posted on the Internet, criminals can personalize their attacks to circumvent not only your spam filter but also your ultimate line of defense—your instinct. While you may feel as though you have enough phishing awareness training in place that no one within your organization would ever fall for such a scam, think again. According to GreatHorn’s Business Email Compromise Report, 65% of organizations report they’ve experienced a spear-phishing attack within the last 12 months. And, unfortunately, that number is only expected to rise as cybercriminals become more and more sophisticated.

Never Become a Spear-Phishing Target Again with the Help of Votiro

While it appears as though no organization is immune from a spear-phishing attack, there are certain measures you can take to reduce your risk. So, what can you do to protect yourself and your business?

  • Educate. No matter how well you protect yourself, the weakest link in any organization is the human factor. Educate your employees about social engineering, cybercrime, and ways to protect the company against it. Remind them to always be suspicious of incoming email.
  • Stay up to date. Make sure your software is up to date, and keep abreast of security news to find out about the latest zero-day exploits and CVEs.
  • Leave it to the pros. No matter how good you think your security is, cybercriminals’ tactics are much better. A well-placed cybersecurity countermeasure can save you precious time and money.

Ready to take control of your security strategy? Votiro Cloud eliminates threats before they ever enter your organization’s network. By scanning files coming into your network, our SFG helps keep your employees’ and customers’ credit card information, passwords, and other sensitive data safe. With the help of Votiro, you will never have to worry about being the target of a spear-phishing scam again.

Ready to learn more? Schedule a demo with us today to see our Positive Selection technology in action!