Spear phishing is an email spoofing fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data. Spear phishing attempts are not typically initiated by ‘random hackers’ but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
We’ve seen a big increase in the number of attempted email scam recently. This has been particularly true of emails that start with a seemingly legitimate and convincing email. We have been working with providers on a range of technical updates to our spam filtering system which will enhance our detection capabilities on the Zimbra platform.
If a fraudulent email is convincing to you, it’s also pretty difficult for our systems to detect without interrupting legitimate emails. The best protection is awareness.
This video shows how a Spear phishing attack can happen and the form that they typically take. Scammers research their intended victims using social media (Facebook, Linkedin, Twitter etc) and other public domain information to create a plausible scenario. They may have inside help or have received some communications from their intended victim before so that they can copy their writing style and signature.
Protect Yourself from Spear Phishing
- Consider the request. If it is asking for money or confidential information, take additional steps to verify it.
- Check the Reply-to address matches the From address or is a valid address for your correspondent
- Contact the individual using the phone to check that their email is legitimate
- Set your email software to always display the full email address to make it easier to verify who you are communicating with
Implement Procedures for setting up new payees in your business
- Before paying any new payee for the first time, the payment must be authorised by all Directors by phone or in person.
- All payment requests must be accompanied by a supplier Purchase Invoice number.
- All supplier purchase invoices must quote a valid Purchase Order number.
Evaluate your Public Information
- Look over all the information you have stored on the internet (ie. social media pages, shopping accounts, site profiles, forums). How much knowledge about you could a spear phisher retrieve? Remove all irrelevant information that makes you a target online.
Protect yourself online
- Follow advice on staying safe online:
- Use different passwords for all your accounts
- Understand the threats and what you can do to protect yourself
- Stay up to date. When a product or service offers an update, read about it and take action. Most of the time the update will be accompanied with security patches and important information regarding your privacy.
You should always be cautious about sharing any confidential information online. When in doubt, don’t share it and contact the individual or business first.