
Summer’s Here and So is Spear Phishing

Cyber attacks and resulting data breaches often begin with a spear-phishing email. Spear phishing differs from regular email phishing in its use of extensive research to target a specific audience, which allows the spear phisher to pose as a familiar and trusted entity in its email to a mark. Spear phishers seek a company’s valuable information—such as credentials providing access to customer lists, trade secrets, and confidential employee information—and some of their methods include:

  • Directing email recipients to fake (but authentic-looking) websites that ask for information like account numbers, passwords, or other credentials; and
  • Inducing recipients to click on links or attachments that download malware onto the recipient’s computer. The malware often allows the phisher to steal passwords and sensitive data by, for example, tracking keystrokes.

The IRS offers the following tips to protect against spear phishing:

  1. Educate all employees about phishing in general and spear phishing in particular.
  2. Use strong, unique passwords with a mix of letters, numbers, and special characters. Also, remember to use different passwords for each account.
  3. Never take an email from a familiar source at face value, especially if it asks you to open a link or attachment, or includes a threat about a dire consequence that will result if you fail to take action.
  4. If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize, or if it’s an abbreviated URL, don’t open it.
  5. Poor grammar and odd wording are warning signs of a spear-phishing email.
  6. Consider calling the sender to confirm the authenticity of an email you’re unsure of, but don’t use the phone number in the email.
  7. Use security software that updates automatically to help defend against malware, viruses, and known phishing sites.

Check out our Employee Records and Files section for more on how to protect confidential employee information.

In his career, Gregg has developed specialized expertise in “consumer-driven” and high deductible health plans with HSA and HRA strategies, and sold the first HSA plans issued in Virginia through Assurant Health. He is an expert in analyzing plan design data and has served as account executive for national accounts such as Coca-Cola Enterprises and Tenet HealthCare. Gregg utilizes a strategic approach to establish goals based on each client’s unique culture and competitive environment, and to measure results against jointly established criteria. Gregg Kennerly is a Principal at Advanced Benefit Strategies of Virginia, LLC.