16th of November 2016:
Let’s go fishing!
Spear Phishing is one of the most difficult cyber-attacks that can be stopped completely. The attacker will use any available information about the victim and combine with the social-engineering techniques, in other words, the attackers know about you therefore Spear Phishing is no different to Telephone Scamming.
Spear Phishing relies heavily on human interaction, often involves tricking people into breaking normal security procedures. It is important to train staff to:
- Immediately be wary of emails requesting something out of the ordinary, even if the email appears to originate from a known colleague.
- Be particularly wary of wire fund transfer requests, especially if they ask you to transfer money into foreign bank accounts.
- Always call the person in question to clarify their request – but avoid using the number in the signature of the email, as this is likely to have been forged using the cyber-criminals details.
By investing in a premium email filtering solution and a next-generation firewall could also increase the effectiveness of identifying and blocking a range of spear phishing emails before they get into the inbox.