Ransomware attacks have risen in recent years. They have affected individuals, companies and even governments. There are many different ways that a criminal can execute a ransomware attack, but one of the more common methods in recent years is spear phishing. Today we examine what exactly this is and look at some ways you can protect yourself.

What Is Ransomware?

Ransomware is exactly what it sounds like. It is malware that, when executed, encrypts the files on the computer or network, allowing the attacker to demand a ransom, usually in a cryptocurrency, in order to unlock them. Some victims choose to pay, some restore their systems and some wipe their systems out to start over. Ransomware has become such a common threat that another attack is seemingly not even newsworthy, and it targets more than just businesses or government entities.

What Is Spear Phishing?

You probably know what spear fishing is: someone with a spear trying to snare one particular fish. Spear phishing operates in much the same manner. A specific individual or organization is targeted. An email is sent to that person that appears to be from a trusted source (a government entity or charity organization, for example), and when a link in the email is clicked or an attachment is opened, it infects the computer. For some attackers the goal is to steal information; for others it is to hold the files for ransom.

Why Is Spear Phishing Effective?

What makes spear phishing effective is that the attacker is able to make the email used to execute the attack look real. It is easy to find victims, as the email addresses of high-ranking individuals at a company are usually readily available on the company’s website. Since that information is available, it is easy to tailor an email to that specific individual.

Spear phishing is also effective because the security on the computer, such as antivirus software and a firewall, will not protect you. These attacks are often exacerbated because many users do not keep this software, or their computer’s or website’s software, up to date. Since these emails often target one particular individual, it is easy to get them through an email filter. This is not a blanket email attack that hopes some messages get through a filter and a few people fall for them; it targets one person. As long as that person clicks on the link or opens the attachment in the email, it bypasses all security on the computer anyway.

How are these criminals able to get the email addresses to send these attacks? Easy: they are on your company’s website. You have a page on your company’s site listing the company leaders, and this usually includes a phone number and email address so legitimate customers can contact you. These thieves take advantage of that. Many people choose to use their own personal email address, but you shouldn’t do this. Spend the money and create a professional email address. It looks better for you and it can protect you in this instance.

How Can You Protect Yourself?

While keeping your computer’s software up to date may not stop that email from getting to your inbox, it is a good idea to do so, if only so that it can warn you before you open something you shouldn’t. If you do fall for an attack, up-to-date software can make the effects much easier to overcome, since updates close many of the vulnerabilities that attacks exploit. Along the same lines, if you are using an operating system that has reached its end of life and no longer receives security updates, it is time to upgrade to a newer operating system. Don’t forget to also do regular backups of your information. If an attack does happen, recent backups will make recovery easier.

The best way to avoid a spear phishing attack is to know what to look for and to educate your employees to do the same. All it takes is for one person on your company’s network to fall for it and your files could be held for ransom. Be smart when opening an email. If you suddenly receive an email out of the blue from a charity organization or something similar, regard it with skepticism and do not click on any links or open any attachments in the email. Regard any emails from “customers” with the same skepticism, especially ones asking for personal information.

Also be smart about what information you put online. Putting information about yourself on your company’s page may seem to make you more personable, but the more information that is on the page, the more there is for an attacker to use. It is a shame, but unfortunately it is the reality today. Make sure that your employees understand this as well so that they can be smart too. All it takes is one person falling for a spear phishing attack and all of your preparation can be for naught.

