Binary code with the word spear phishing in red

What is a Spear Phishing attack and How Can it be Prevented?

Email scams and fraud have been around since the inception of email. Due to this, security has become more advanced and email users more aware of potential threats. As a result, hackers and spammers have become more sophisticatedRead on to learn about what is a spear phishing attack and how to prevent it. 

What is Spear Phishing Attack?

Spear phishing is a form of cyberattack that uses email to target individuals to steal sensitive/confidential informationThis information can include account credentials, financial information, etc.  

The attacker disguises themselves, by sending an email that looks like it is from a trusted source (friend, entity, etc.), to acquire sensitive information. They gain this trust by using the information on the victim that they have found online.

How is Spear Phishing different than Phishing? 

It is important to note that these types of attacks are similar. However, there are key differences to be aware of:

Phishing Attacks

  • Not personalized
  • The emails are broad and automated, the goal is to send as many emails as possible
  • Normally one-and-done attacks

Spear Phishing Attacks

  • Personalized
  • Highly targeted attacks, often going after a specific target
  • The attacker thoroughly researches the target
  • Spear-Phishing emails are often just the beginning of the attack

How it is Done 

The attacker will look at online profiles to find information on the victim such as:

  • Email addresses
  • Geographic location
  • Friend lists
  • Job title
  • etc.

As a result of having this information, the attacker can pose as a familiar entity or friend and sends a convincing fraudulent message. These types of emails often have urgent warnings or explanations as to why the victim needs to act and provide sensitive information.

These types of scammers typically use two methods. Malicious attachments or spoofed websites.

Malicious Attachments

The target will be asked to open a malicious attachment. This will download malicious files/software onto the device allowing more access to personal data or internal networks.

Spoofed Websites

In the second type of attack, the email will claim that the target needs to change where money is being sent (paycheck, payment to a vendor). The link to do this will be a spoofed website. This link will not take the target to an actual website, but a fake one that the attacker has access to.

Once one of these actions has been taken by the victim, the attacker can then use the stolen information for any malicious activity they want.

How to Avoid Spear Phishing

There is no one way to fully protect against Spear Phishing attacks. However, there are steps that can be taken to guard against these types of attacks. Here are some of our top recommendations:  

  • Do not have a list of all email addresses of all employees on your website
  • Never send out sensitive personal information via email
  • Use strong passwords
  • Frequently update operating systems, application and security software
  • Do not click links in emails unless you know they are 100% reputable 
  • Implement security awareness training at your company  
  •  Be sure to use logic when opening an email: 
    • Ensure if a friend sends an email asking for personal information, reach out to the friend prior to taking any action 
    • A business should never send an email asking you for your username and password or any sensitive account information

To learn more about protecting yourself from this type of attack or if you think you have fallen victim please contact us.

SSL in a Browser Bar

The Benefits of an SSL

It may not seem like a little “s” at the beginning of a URL would make a big impact, but it does. Read more to find out why this little letter can help you better reach your audience and build consumer confidence.

What is an SSL?

An SSL is an extra layer of security that helps to protect data transmitted across the Internet by adding an additional layer of encryption.

A more technical definition is that an SSL (Secure Sockets Layer) is a standard in security technology. It is used to establish encryption between a web browser and a server. Using this link, data can pass securely from the web server and browser.

How do I know if my Site has an SSL?

You will know your website is secured by an SSL if you see one of the following:

  • On Chrome, Safari, Firefox and Microsoft Edge, you will see a lock next to the website address
  • If your site has https: in front of the domain name (example https://domain.com or https://www.domain.com)

Benefits of an SSL

The top benefits of an SSL are:

  • Prove your website is secure
  • Protect yourself and users against hackers and identity theft
  • Improve ranking in search engine results
  • Increases user confidence that your website is safe, reputable and secure for interaction
  • Displays as secure (without a warning from Google or other web browsers)
  • Increased data security

Should you add an SSL to your Website?

Our professional opinion is if you do not have an SSL, you should add one. Here are our top reasons:

1. Loss of user Confidence

Due to this, website visitors are more likely to abandon your site out of caution, and you will miss out on the other added benefits of having an SSL.

Not only will users see your website as “unsecured” when they go directly to your site but in Google search results. This is due to the fact that the URL for the search term is shown in the search results. From looking at the results, users will clearly see if the site URL has https or http in front of it.

Showing a secured site in google search

2. Google Gets “Angry”

Furthermore, as a standard, more and more websites are integrating an SSL.  For that reason, Google is leading the pack with this trend by flagging websites that are not secure with a large red warning screen.

3. Negative Impact on SEO

A website that is not secure can have a negative impact on SEO.  Search engines will not value your website as high as those with an SSL.

How to get an SSL

These are available from website hosting providers. If you would like more information on getting one from Tidal Media Group, please contact us.