noun: spear phishing
1. the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
"spear phishing represents a serious threat for every industry"
The incidence of spear phishing continues to increase. At Henssler, even though our inbound email is filtered through two different third-party services, well-crafted spear phishing attempts can still make it through. Why? Because it is almost impossible for the filters to tell the fake emails from the legitimate ones. These emails are simply requests for routine functions that we perform on a regular basis. What sets these apart is that the criminals have taken the time to get the correct names and, in some cases, to format the request in a very believable manner.
We have seen multiple incidents of criminals purporting to be clients and employees trying to fool us into wiring money and changing payroll direct deposit accounts. Some of these have been ‘a cut above’ the usual stuff our staff easily identifies as bogus. Fortunately, thanks to regular employee training as well as policies and procedures designed to confirm and verify these types of requests, none have been successful. However, we are always diligent and attempt to learn from each attempt, as the bad guys need only succeed once, whereas we must get it right 100% of the time.
How the criminals obtain this information varies, but it shows a level of sophistication much greater than that of the average email scam artist. What makes this even more disconcerting is that there are international gangs that specialize in these tactics. A few of them have been identified by authorities, but prosecution of cybercrime is extremely difficult, and the possibility of recovering assets is almost nil.
The simplest and most effective way for you to protect yourself from these types of attempts is also the most old-fashioned: simple one-to-one contact, either in person or via telephone. However, when using the phone, do NOT rely on a phone number that was provided in the suspicious email; instead, look up the number separately. For example, if you receive an email purporting to be from a friend, financial or government representative requesting you to send or electronically transfer money, you should independently verify that request using a phone number you already have for that individual. If you do not know them well enough to recognize their voice... should you really be sending them money?
One thing these scams tend to have in common is that they try to instill a sense of urgency, and when pressed, they have excuses why you cannot reach them through your known contact methods. If you think that you would never fall for something like this... so did many of those exploited by these scams every day, totaling an unknown number of billion$ lost by people throughout the world. [The estimated cost of cybercrime worldwide for 2018 was over $600 billion; the true cost can never be calculated, as much of it goes unreported and unidentified.]
When in doubt, DON’T send it out!
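The callback rule above (verify money requests by phone, using a number you looked up yourself, and treat urgency plus "you can't reach me the usual way" as warning signs) can be turned into a simple triage helper. The following is an added example, not code from the Henssler post; the contact directory, the keyword lists and the sample emails are all constructed for illustration.

```python
import re

# Constructed out-of-band contact directory: name -> (known address, known phone).
# In practice this comes from your own records, never from the email being checked.
DIRECTORY = {
    "jane doe": ("jane.doe@example-client.com", "+1-555-0100"),
}

# Constructed keyword lists; tune them to the requests your staff actually handles.
PAYMENT_TERMS = ("wire", "transfer", "direct deposit", "payroll", "routing number")
URGENCY_TERMS = ("urgent", "immediately", "asap", "today", "before close")
PHONE_RE = re.compile(r"\+?\d[\d\-\s().]{6,}\d")


def _same_number(a, b):
    """Compare two phone numbers by their digits, tolerating a missing country code."""
    a, b = re.sub(r"\D", "", a), re.sub(r"\D", "", b)
    return a.endswith(b) or b.endswith(a)


def assess(display_name, from_addr, body):
    """Decide whether a request must be confirmed by phone and which number to dial.

    The number returned ("call") always comes from DIRECTORY. Any numbers found
    inside the email are returned under "ignore_numbers" purely so the reader
    knows not to use them, which is the core of the advice above.
    """
    text = body.lower()
    reasons = []
    payment = any(term in text for term in PAYMENT_TERMS)
    if payment:
        reasons.append("requests a payment or banking change")
    if any(term in text for term in URGENCY_TERMS):
        reasons.append("uses urgency language")
    entry = DIRECTORY.get(display_name.strip().lower())
    call = None
    if entry is None:
        reasons.append("sender not found in the contact directory")
    else:
        known_addr, call = entry
        if from_addr.strip().lower() != known_addr:
            reasons.append("from address differs from the directory entry")
    in_email = PHONE_RE.findall(body)
    if call and any(not _same_number(num, call) for num in in_email):
        reasons.append("email supplies a phone number that is not the directory number")
    # Money movement is always held until confirmed by voice, whatever else we found.
    return {"hold": payment, "call": call, "ignore_numbers": in_email, "reasons": reasons}
```

A real deployment would populate DIRECTORY from the firm's own contact records and log every "hold" so that each attempt can be reviewed afterwards, as the post recommends.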