SMX, a cloud email security provider, issued a warning to its clients and partners after escalating incidents of highly-sophisticated targeted email fraud. These email scams are known as spear phishing and whaling attacks. According to the New Zealand National Cyber Security Centre (NCSC), in a report published in August 2015, spear phishing emails are also targeting a number of various government agencies in New Zealand.
All Kiwi businesses are at risk – large or small. In fact, according to Symantec’s 2015 Internet Security Threat Report, 60% of all spear-phishing targeted attacks struck small and medium-sized organisations. SOHO Systems provides a leading network security system; as such, we would prefer to help Auckland businesses in the prevention of these attacks, instead of dealing with the debilitating aftermath of these sophisticated scams.
What is Spear Phishing
Spear Phishing is not to be confused with common phishing attacks that target a wider audience. Spear Phishing occurs when cyber criminals target individual staff members in a specific company. These cyber thieves employ tactics such as enticement, impersonation, and use email filters and antivirus programs to gain access to your company’s valuable data.
What is a Whaling Attack?
Whaling attacks are when spear phishers are able to attack senior executives or chief financial officers within a specific firm.
How are they doing it?
Essentially the phisher is attempting to infiltrate your computer network. They will take a look at your website and obtain the names and email addresses of your employees. They will look at social networking pages such as Facebook and Twitter, to gain even further information. Thom Hooker, SMX’s co-founder and chief technology officer, says that these attackers will even follow up with phone calls (coined as vishing, or voice vishing) to make it seem legitimate.
Spear Phishers are patient, subtle, and savvy.
After they have gathered certain information, they follow up with customised, compelling emails. These emails will contain infected attachments or links with special offers or useful information. These attachments/links contain malware that will download on the employee’s computer and get through the company’s firewall. These phishers are extremely sophisticated. They will build a relationship with the employee to gain their trust. They are patient, subtle, and savvy. Once they are in, they will work at full speed to get the information to the highest bidder before the breach is discovered.
Defend Your Company Against Spear Phishing
Train Your Staff to Not Take the Bait!
Small to mid-sized businesses are especially vulnerable because they have a relatively smaller IT staff and more likely to have less security infrastructure in place. The first thing you must do is train your employees not to take the bait. Some of these emails contain strange vocabulary and misspellings. However, the best way to reduce targeted cyber attacks is to protect your precious data with a leading network security system.