Get in touch with us today to find out how can we help you.
Phishing scams โ and, increasingly, spear-phishing scams โ are the number one way that cyber hackers gain access to closed computer systems, steal information and money, and corrupt data.
Letโs take a look at what phishing and spear-phishing scams really are, how you can spot them, and how to help your organization avoid their highly detrimental consequences.
Phishing and spear-phishing: Whatโs the difference?
Both phishing and spear-phishing are forms of email-based cyberattacks.
Essentially, both terms refer to email-based attacks that attempt to gain personal or sensitive information using deceptive or disguised emails appearing to be from legitimate sources.
Phishingย is the broad term for these attacks.ย Spear phishingย only differs in that these email attacks areย specifically targeted at an individual. This may mean that the email includes the individualโs actual name, address, and/or phone number. Or, the email may reference other personal information, such as the individualโs workplace, work position, alma mater, or where they bank.
Here are some examples of spear-phishing emails you may have seen before:
- An email appearing to be from your actual bank: โDear YOUR NAME, Your debit card may have been compromised. Click here to login to your account and check your statement.โ
- An email appearing to be from a store where you frequently shop online:ย โYour recent order from XXX STORE has been dispatched. Goย hereย to track your shipment.โ
Notice that each example includes a place where you should click. This is by design. Often, simply opening a phishing email will not result in any issues; however,ย clicking on a link inside the emailย can actually be enough to cause the bulk of the issues (sometimes,ย majorย issues). A police department employee in Florida recently opened a phishing email link that led to ransomware being installed on the cityโs computer system. In the end, the ransomware cost the city hundreds of thousands of dollars.
How can clicking on a simple link end in such disaster?
The answer is malware.
Malware is a shortened term for malicious software. This software can be automatically downloaded to your computer and/or entire computer system and network by a โtrap door.โ These trap doors are disguised as links, attachments, login fields, or downloads, which are embedded within phishing emails.
If hackers can get a spear-phishing target to click on their โtrap door,โ they can use that gateway to install malware onto your system. And once this happens, your entire network and data are at risk.
How Can You Spot a Phishing Email?
Phishing emails often have specific features, which should raise red flags right away:
- The message is unusual (comes at an odd time, is from someone you donโt know, is in a bizarre tone, makes a bizarre or out-of-the-blue request).
- The message makes you panic (e.g., โYour money has been stolen!โ).
- The message is threatening (e.g., โIf you donโt click here now, you risk losing your job.โ).
- Itโs written poorly, as if by a non-English speaker.
- The email includes personal information โฆ but not very much.
- The senderโs email address or the web address they want you to navigate doesnโt look right.
What Should You Do if You Think Youโve Received a Spear Phishing Email?
If you think you or someone else in your company has received a phishing email,ย do nothingย at first. Remember that clicking on links, downloading attachments, and opening files or pictures are all the things that hackersย want you to do, which is exactly why you should never do them if you are suspicious of an email.
On the other hand, some emails may be clearly legitimate. Itโs important to know the difference.
For example, if you speak to Ross from accounting in person by the water cooler, and he tells you heโll be sending over an invoice you need to sign in the next 10 minutes, if you get an email with an invoice attachment from Ross in the next 10 minutes, the emailโs probably okay.
If you get an email from Ross out of the blue on a Saturday? And you didnโt expect it? And itโs not in the tone that Ross usually uses?
This is when you shouldnโt do anything.ย Instead, check the legitimacy of the email. Do this either in-person or over the phone. For example, call Ross or wait until Monday to speak with him personally. Double-check that he sent the email. If it turns out the email cannot be accounted for, contact your companyโs IT security department immediately.
Train Your Employees to Spot Phishing and Spear Phishing Emails
Understanding and following these guidelines as a CEO or manager is important, but remember that spear-phishing emails can target your employees as well.
For this reason, ensure that all of your employees know and understand:
- What phishing and spear-phishing emails are
- How to spot these emails
- What you should never do with a suspicious email (click, download, or login via the emailโs prompt)
- What to do if they suspect theyโve received a phishing email
By following these guidelines, you can keep your business safe from phishing scams and the subsequent ramifications.
Further reading
ICS is a Texas-based 40-year-old technology company specializing in Managed IT, VoIP, Video Conferencing and Video Surveillance solutions for US and International businesses. ICS has over 4000 regional installations and specializes in multi-site businesses between 25 and 2500 employees. ICS’s customers enjoy the experience of ICS’s Total Care program which provides clients flat fee services with obsolescence and growth protection. Whether a customer elects to deploy their IT, Video Conferencing or VoIP in the cloud or on the customer’s premise, ICS can provide a full turn-key solution for our clients under one flat monthly fee.