How to Protect Your Business Against Spear-Phishing Emails

Jul 30, 2018

protect your business against spear-phishing emailsCyberattacks and resulting data breaches often begin with a spear-phishing email. Spear phishing differs from regular email phishing in its use of extensive research to target a specific audience, which allows the spear phisher to pose as a familiar and trusted entity in its email to a mark. To protect your business against spear-phishing emails, you need to know what the attackers are looking for and how they try to access it. Spear phishers seek a company’s valuable information—such as credentials providing access to customer lists, trade secrets, and confidential employee information—and some of their methods include:

  • Directing email recipients to fake (but authentic-looking) websites that ask for information like account numbers, and passwords or other credentials.
  • Inducing recipients to click on links or attachments that download malware onto the recipient’s computer. The malware often allows the phisher to steal passwords and sensitive data by, for example, tracking keystrokes.

The IRS offers the following tips to protect against spear phishing:

  1. Educate all employees about phishing in general and spear phishing in particular.
  2. Use strong, unique passwords with a mix of letters, numbers, and special characters. Also remember to use different passwords for each account.
  3. Never take an email from a familiar source at face value, especially if it asks you to open a link or attachment, or includes a threat about a dire consequence that will result if you fail to take action.
  4. If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize, or if it’s an abbreviated URL, don’t open it.
  5. Poor grammar and odd wording are warning signs of a spear-phishing email.
  6. Consider calling the sender to confirm the authenticity of an email you’re unsure of, but don’t use the phone number in the email.
  7. Use security software that updates automatically to help defend against malware, viruses, and known phishing sites.

GTM clients can rest easy knowing their data is secure. Because we firmly believe in protecting our clients and partners and their confidential information, GTM voluntarily undergoes a rigorous examination and assessment process for SOC-1 compliance, an internationally-recognized standard developed by the American Institute of Certified Public Accountants (AICPA) that is recognized as a mark of service quality.

 

Source: “Protect Your Business Against Spear-Phishing Emails” by Zywave

Interested in our HR consulting services?

Fill out the form below to have a GTM representative contact you to go over your options.

LinkedIn
LinkedIn
Share
Skip to content