Tips for Managing Business Updates on Windows 10
August 30, 2016
Did you know that cybercrime costs U.S. consumers a total of $21 billion dollars annually? Add another annual $400 billion in lost intellectual property, and it becomes clear that cybercrime has hardly faded away. Email is one of the main avenues cybercriminals use to get the job done, specifically the tactic called “spear phishing.” Rather than becoming another cybercrime victim, review what spear phishers typically go after and how to protect yourself.
What Spear Phishers Want
Cybercriminals who engage in spear phishing generally desire one of three things:
- Transfer Information: Spear phishers pose as CEOs or CFOs and send emails to employees in the accounting sectors of assorted companies. They request that one or several wire transfers are sent to a specific company or bank.
- Data: Cybercriminals again send emails posing as CEOs or CFOs. Emails are sent to the payroll manager, payroll employee, HR manager, or HR employee. They claim they need to audit employee pay and request W-2s for review. The information is often used for fraudulent tax filings.
- Logins and Passwords: Phishers who want passwords and logins act as the receiver’s supervisor or another high-level executive. Password and login information is requested because the person needs access “immediately” and cannot wait for an IT person.
Protecting Yourself Against Spear Phishing
Use the following tips to keep spear phishers from dipping into the company pond:
Verbal Passwords
Have everyone in your company use verbal passwords. Such passwords must be provided by anyone asking for sensitive data. Recipients of spear phishing emails simply have to ask the sender for the password, which the person will be unable to provide.
Blocking Malicious IPs
Block certain countries from sending you email. Numerous countries around the world are notorious for sending phishing email scams. Since it is impossible to block or change the section of the IP address that features the email’s origin, this is an effective preventative measure.
Quality Spam Filter
Install a high-quality spam filter that inspects messages for spam content and then check the sender’s reputation. Messages are allowed to go through only after these checks are complete.
Authoritative Server
Guard against spear phishing by blocking “company” emails that are not from an authoritative server. Phishers cannot change the servers that send their emails.
Mentality Change
Do not make the mistake of thinking your business is too small to be targeted by spear phishers. An astounding 59 percent of spear phishing attacks target small to medium-sized businesses, and many of those companies are out of business within six months of attacks. Yes, there is nothing that protects you completely from spear phishing; however implementing layers of defense and using common sense is very helpful.
Don’t get caught on a spear phisher’s hook! Take the right steps to guard what is yours. It is well worth the effort.