Cyber security threats increase daily, but how do you identify a spear phishing email so you can protect your information and organization?
Spear phishing is a highly targeted form of phishing attack in which fake emails are sent to victims who have been well researched, using sources such as LinkedIn, Facebook, Instagram, Twitter, and your company website, in an attempt to steal confidential information.
These are well-planned and staged accounts, which makes them hard to spot without close inspection. As a leading managed IT services provider in Toronto, we always recommend industry best practices when setting up IT security as well as ongoing training for employees such as Cyber Security Training and Dark Web Monitoring.
Over 91% of cyberattacks begin with a well-engineered spear phishing email, according to managed security services providers and IT security research firms. This shows that users are the weakest link in IT security.
How do you identify a spear phishing email? Here are five areas that can help to identify them.
- Look at the sender address in the email
Cyber criminals use spear phishing to trick users into thinking an email address is legitimate. They use a wide variety of email spoofing techniques, including display-name impersonation. If you are on a mobile device such as a smartphone, always expand the sender’s name on suspicious emails so you can see the entire email address. You should also check for subtle differences in the domain name.
- Look at the subject line in the email message
Hackers use spear phishing emails with urgent subject lines to capture the potential victim’s immediate attention. This causes pressure and the need for an employee to respond to the email. These sophisticated spear phishing cyber criminals may be subtle, but the subject line will be financial in nature, including the keywords purchase, invoice, direct deposit, or similar language.
- Look at the body of the email message
Another important part is the body of the email, as it will almost always include a financial request of some nature. Spear phishing cyber criminals often use language designed to make the victim feel that they are the only person who can help. They also make the victim feel that it must be done in a timely manner or it could be detrimental to the business.
- Look at the pretexting in the email message
So what is pretexting? It is a form of social engineering in which a cybercriminal engages a potential victim over the course of time with multiple emails to gain the victim’s trust. Once they achieve the information they want, they engage in small talk, getting the victim to where they are vulnerable.
- Look at the signature in the email message
Hackers often include an additional line in the email signature stating that the message was composed on a mobile phone device. This reinforces the sense of urgency, creates an excuse for sending the email from a personal email address, and provides cover for any grammar errors in the email.
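The sender, subject and signature checks above can be partly automated on inbound mail. The following Python sketch is an added example, not part of the original article; the trusted domain, the staff directory, the "Sent from my ..." wording and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the organisation's domain and staff names.
TRUSTED_DOMAINS = {"example.com"}
KNOWN_NAMES = {"jane doe": "jane.doe@example.com"}
SUBJECT_KEYWORDS = ("purchase", "invoice", "direct deposit")  # from the article
MOBILE_SIG = re.compile(r"^\s*sent from my \w+", re.I | re.M)  # assumed wording

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(raw):
    """Return the list of indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Display name matches a known colleague but the address is not theirs.
    expected = KNOWN_NAMES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append("display-name-mismatch")
    # Domain is not ours but differs from it by only a character or two.
    near = min(edit_distance(domain, t) for t in TRUSTED_DOMAINS)
    if domain not in TRUSTED_DOMAINS and near <= 2:
        flags.append("lookalike-domain")
    if any(k in msg.get("Subject", "").lower() for k in SUBJECT_KEYWORDS):
        flags.append("financial-subject")
    body = msg.get_payload()
    if isinstance(body, str) and MOBILE_SIG.search(body):
        flags.append("mobile-signature")
    return flags

# Constructed sample message, not a real email.
SAMPLE = """From: Jane Doe <jane.doe@examp1e.com>
Subject: Urgent: invoice payment needed today

Please process the attached invoice before noon.
Sent from my iPhone
"""

if __name__ == "__main__":
    print(review(SAMPLE))
```

Each flag is a prompt for the close inspection described above, not a verdict; pretexting that unfolds over several messages is not covered by a single-message check like this.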
How do you identify a spear phishing email and mitigate the risk?
There is no single approach that will stop spear phishing email; your best defense is a layered approach. Defending against cyber-attacks is always handled using a multi-layer approach, and the goal is to make it as hard as possible for the hacker to get through your defenses.
Try not to list all employee email addresses on your website. Get your IT department to regularly scan the internet for exposed email addresses and network credentials. If they can’t, get a managed IT services provider or managed security services provider to assist them, as they may be overloaded.
Users are your last line of defense and the best if trained properly. Always remember to think before you click!
365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.