What is targeted phishing, which is also known as spear phishing?
People don't really understand how exposed they are. I mean, they think it couldn't happen to me, but it will happen to you. And, so, here's what it's really all about.
Spear phishing is a targeted phishing attack toward someone of importance in a company.
It doesn't take very much these days to do social engineering, to go to LinkedIn, to go to Facebook, to go to half a dozen other places and find out who's who in a company. Bad actors do this so that they can target controllers, people in accounting, or even the President or General Manager.
It's not difficult to figure out who they are. And it's not difficult to find their email addresses either. Even though emails aren’t posted on your website, it's not difficult to find them. And once someone identifies that person, then they can target them with a spear phishing attack.
How Do Targeted Phishing Attacks Work?
Targeted phishing means that the bad actor is concentrating specifically on one person. They’re sending the target emails that are designed to get their credentials or certain pieces of information.
Lots of people in a given organization are using services like OneDrive, Dropbox, and Office 365.
In Office 365 and OneDrive, it's easy to send a clickable link to access a file. People do this all the time — you click on the link to open the file, or it asks you for a username and password.
Bad actors can create an email and a page that asks for your username and password that looks completely legitimate. And they've already been lurking in your email for a while to figure out who you communicate with and how you communicate. So, it would more than likely look like it was sent from someone that you recognize.
When you click on that link it prompts you for a username and password, just like the normal prompt that you get when you log in to Office 365. You put your information in and boom — you've given your password away.
You think you're going to the file but you've just given your email credentials away to a bad actor. Now they can log in to Office 365 from the backend through the web interface and can read all of your emails. They can set up rules that will move specific emails that you send to a temporary outbox, and then they can go in and change who it's going to and what it says.
What Happens Next?
Let's say that there is a request for wire transfer and you're sending bank information through email (which we absolutely don't recommend doing). They can go in and make changes and send the email out.
Now they might lurk in your inbox for months until something interesting comes along. You think that that's a lot of time to spend looking at your email, but they're doing that with multiple people. For these hackers, the payoff could be huge. When those wire transfers occur they could include anywhere from $5,000 to $350,000 or more, especially in the real estate industry where huge transactions are occurring. So it's worth the wait for them to do that.
And once they're in your email, you really don't know they're in there until something tips you off. A strange email might come in, or one of the people that you normally communicate with says that something doesn't look quite right.
At that point, you need to change your password immediately. You also need to go to your IT provider or the person who manages your email so that they can search your account on the backend for rules that may be set up to copy and redirect emails.
A common rule that they use is copying everything that comes in and everything that goes out gets automatically in the backend. And that’s unbeknownst to you, because somebody else is monitoring it.
Targeted Phishing for Ransomware Hacks
This can also lead to ransomware. You may have heard about the pipeline ransomware hack and the meatpacking company hack. Those hackers could just as easily send you a targeted email that has a link or has a file in it that looks legitimate.
If you click on that file, the file opens up. But what you don't know is it's installed a piece of ransomware on your computer. Now it can look at your entire network and encrypt all of your files and lock you out of your data. This will effectively put you out of business until you can restore that information from your backups, if you have them, or you may have to pay the ransom.
The ransom is always expensive, and there's no guarantee that you'll get your data back by paying the ransom. And this is happening everywhere, every day.
You hear about the big ransomware cases on TV, but it's happening to small businesses more than larger businesses.
We’re a member of the FBI InfraGard, which is a joint venture between the government and private sector on cybersecurity.
As members of the program, we get access to information that's not necessarily made available to the public. We see the statistics and the cases that aren't making the news. We really understand how pervasive the problem is.
To protect yourself properly from wire transfer fraud, you need to have a cybersecurity policy in place. And not all policies are created equal. You have to be very careful in looking through to see what they cover, what they don't, and what the exclusions are.
We carry cyber insurance for our company, and our carrier automatically accepts our clients if we certify that they're protected. And we manage our clients the way we manage ourselves.
We have a very strict process for our own security and we’re constantly monitoring it. And we implement that process for our clients as well.
One benefit of working with CyberTrust is that we can get you through the process of obtaining a good quality cybersecurity policy very easily. Working with CyberTrust provides you with peace of mind.
Stopping Bad Actors
We had a situation recently in which a client got ransomware on one of their computers. We were able to identify it and determine that it was running on that individual computer. From there, we isolated it before it spread to the rest of the network and damaged the server or databases.
That’s just one of the many steps that we take and one of the security products that we offer our clients. We can look for that type of activity and stop it before it spreads to a point where it causes damage.
Working with us provides the peace of mind of knowing that you're covered even in tough circumstances.
Are you worried about exposure to targeted phishing or spear phishing? Click here for a free dark web scan to protect yourself today!