A recent Federal Bureau of Investigation analysis has found that a sophisticated e-mail scam, known as spear phishing, has accounted for over $26 billion in net losses for individuals and businesses since they first became aware of the scheme years ago. In a PSA article entitled “Business E-mail Compromise the $26 Billion Scam,” the FBI includes details and data on the most common ways users fall for these scams and how to avoid them.

What Are Spear Phishing Attacks?

As e-mail is the primary means of communication for just about everyone, it has become a prime target for cyber criminals and scammers. A spear phishing attack works by masquerading as a legitimate e-mail from another person or company and requesting personal information and/or passwords.

One common example of a spear phishing e-mail is a message asking you to click a link to reset your password even though you never requested a password change from the service or company requesting the reset. Clicking said link may even take you to a website that looks completely legitimate but is actually controlled by another source.

Other spear phishing e-mails may simply request particular information such as your name, address, phone number or other personal data.

Take a look at the following image:

Note that the recipient is being asked to change their password simply because it “hasn’t been changed in a while.” A company or organization will never request that you change your password unless you have explicitly asked them to do so.

Other tells to look for include the “sent from” address. The address sending this e-mail is a Gmail account with a very long name that includes a misspelling of ‘Gmail’. A company will never send you an e-mail that includes typos or misspellings in the name of a legit account. It also asks the user to click on a URL, which should never happen if the request were legitimate. Being aware of the common concepts of these e-mail scams will help you avoid them.
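The three tells described above (a misspelled brand in the sender name, an unrequested password-change prompt, and a link to click) can also be checked automatically. The following is an added example, not code from the FBI article or from Natural Networks; the brand list, ignore list, similarity threshold, tell labels and both sample messages are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

BRANDS = ("gmail",)            # assumption: brands to check for look-alikes
IGNORE = {"mail", "email"}     # ordinary words that sit close to "gmail"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
PASSWORD_RE = re.compile(r"\b(change|reset|update)\b[^.\n]*\bpassword", re.I)

def is_lookalike(token, brand, threshold=0.8):
    """True when token nearly spells brand but is not the brand itself."""
    token = token.lower()
    if token == brand or token in IGNORE:
        return False
    return SequenceMatcher(None, token, brand).ratio() >= threshold

def phishing_tells(raw_message):
    """Return the tells found in a single-part, plain-text message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    tells = []
    # Check every word of the display name and address for a near-miss brand.
    tokens = re.findall(r"[A-Za-z0-9]+", display_name + " " + address)
    if any(is_lookalike(t, b) for t in tokens for b in BRANDS):
        tells.append("lookalike-sender")
    if PASSWORD_RE.search(body):
        tells.append("password-prompt")
    if URL_RE.search(body):
        tells.append("link-in-body")
    return tells

# Constructed sample messages, not taken from the article's screenshot.
SUSPICIOUS = (
    'From: "Gmaill Account Security Team" <notice@example.com>\n'
    "Subject: Action required\n\n"
    "Your password hasn't been changed in a while.\n"
    "Please change your password here: http://example.invalid/reset\n"
)
ORDINARY = (
    'From: "Alice Example" <alice@example.com>\n'
    "Subject: Lunch\n\n"
    "Are we still on for noon tomorrow?\n"
)

if __name__ == "__main__":
    print(phishing_tells(SUSPICIOUS))
    print(phishing_tells(ORDINARY))
```

A message that trips all three checks deserves a closer look before anyone clicks; a single hit on its own, such as a link in the body, is common in ordinary mail.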

Avoiding Spear Phishing Attacks and Similar Scams

You and your business can avoid spear phishing attacks by implementing the right security protocols and by educating your employees about these types of intrusions.  Luckily, most e-mail spam filters are able to stop spear phishing e-mail scams from reaching your inbox in the first place.  Being a Managed IT services company, Natural Networks can also help provide your business with a robust spam filter that can do exactly that.

Additionally, in order to further strengthen your company against hackers, Natural Networks also provides a service that can help identify and educate users at your business who are susceptible to phishing e-mail attacks.  Our Cybersecurity Awareness Program empowers your first layer of defense – your employees – by sending your users an e-mail that is disguised as a phishing e-mail, and identifying which employees clicked on it and responded to it.  In addition, this robust program provides you with invaluable services, like weekly micro-trainings, informative security newsletters, continuous dark web breach assessments and security risk assessments.

If you’re interested in learning more about e-mail protection and other services that can protect you and your business from cyber intrusion, contact us today!