Spear Phishing: o que é e como se proteger

What is Spear Phishing and how to be protected?

Post disponível em / disponible en / available in: Português Español English

Tempo de leitura: 4 minutos

The use of e-mail is a frequent reality in business routines, of all segments and sizes. Sending documents internally, professional transactions, ticketing and invoicing, communication between sectors; all contribute to the inboxes to be filled daily with new messages.

This is a natural and essential process for business continuity, but beware: emails are great ways to steal information and data, both personal and corporate.

Phishing, as this type of crime is called, is the practice of sending emails that look trustworthy and true with the primary purpose of “fish” a victim – hence the origin of the name [“phishing” comes from “fishing”]. However, a new variation of this threat is getting stronger, especially in Brazil, which is the country with the most crimes involving virtual banking fraud in the world, according to research by ESET security company.

To learn more about Spear Phishing, how it works, and tips for protecting yourself, keep reading.

What is Spear Phishing?

Spear phishingis very much like “traditional” phishing. The big difference is that, instead of conducting major attacks, targeting a group of people and various companies, this variation of phishing makes the theft of specific information from precisely selected organizations.

Intellectual property or confidential data, which are kept in the knowledge of a select group of corporate employees, as well as financial or military data, are the main information the cybercriminals seek to acquire.

These types of attacks, as mentioned, work through e-mails. A message is sent on behalf of an organization with credibility or a sender that the victim has already been in contact with. The content of the message is the main bait and, for the crime to be complete, it is enough for the target to click. Usually, the victim is sent to a website, where they report their personal or corporate data. It is from this sending of information that the robbery happens.

In addition, victims are at greater risk because spear phishingattacks are highly personalized – and they know exactly the way to attack. According to a survey conducted by security firm Proof, two out of five companies have already suffered from these attacks. Of these, 40% said that the content of the e-mail referred to travel and tourism packages, 30% of social networks and another 7% on online sales. That is why caution is needed.

Tips for protection

Like all other virtual threats, there are ways to protect yourself from spear phishingattacks. It is very important to make it clear, however, that the best way to avoid such crimes is through prevention. Companies need to be aware of the importance of maintaining a good security ecosystem, as well as making employees aware that they avoid accessing suspicious pages or performing inappropriate activities – from a security point of view.

Here are a few tips you can use to help prevent spear phishingattacks.

Check the sender

Many of these crimes can be avoided by analyzing the sender’s email. Generally, criminals hide behind similar addresses to customers or organizations. It is important to pay attention to these small details, which can make a big difference.

Do not click on suspicious links

If you checked the sender and they looked suspicious, you’re probably already on alert. However, it is important to avoid clicks on these messages or any links inserted in it. They can target websites built for the sole purpose of stealing information. It is also important to analyze whether the connection is secure, using the https:// protocol with the lockicon.

Do not provide confidential information

Although it is obvious, not all companies follow this tip. It is of the utmost importance that managers and collaborators are aware of the importance of not providing any confidential information by e-mail.

Make upgrades

A simple and very efficient practice is to keep system updates always in their latest version, as they bring bug fixes, new security features and improvements to their tools. So upgrade whenever there are updates available.

Have good security solutions

It is important to have security features that can control and prevent such threats. Firewalls, when properly configured, can handle some of the need, preventing clicks from redirecting users to malicious websites. Firewalls act as a barrier between the external network (internet) and the internal one (company). Antispams are also great features as they filter all emails received, preventing potential threats from reaching your inbox.

Did you know what Spear Phishing is? Do you invest safely against these attacks? Leave a comment for our team of experts!

Keep reading

Állison Souza
allison.souza@ostec.com.br
No Comments

Post A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.