Spear phishing is a cybercriminal's attempt to get your private or sensitive information by pretending to be a legitimate sender, such as a financial institution or a government organization.
Spear phishing is the third most common scam in North America. If you have an email address or a phone number, or if you use social media or browse the internet, chances are you have already received a spear phishing message.
What is Spear Phishing?
Spear phishing can be conducted through a text message, social media, or by phone. However, the word 'phishing' is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly and hide among the huge number of benign emails that busy users receive. Such emails are purposely designed to install malware (such as ransomware), sabotage systems, or steal intellectual property and money.
Spear phishing emails can hit an organization of any size, type, and location. You might get caught up in a mass campaign (where the attacker is mainly trying to harvest passwords or make a quick buck), or it could be the initial step in a targeted attack against your organization, where the aim could be something much more specific, like the theft of sensitive data. In a targeted campaign, the attacker may use information about your employees or company to make their messages persuasive and realistic. This type of attack is known as spear phishing.
How your Organization can Prevent Phishing Attacks
Phishing attacks have been a common phenomenon since the early days of the internet in the '90s. Although they target victims' personal information, the right knowledge and preparation are robust phishing protection measures. Follow these guidelines to learn how to avoid phishing:
Become DMARC Compliant
DMARC (Domain-based Message Authentication, Reporting and Conformance) is a global standard for email authentication. It lets a domain owner publish a policy that receiving mail servers use to verify that an email really comes from the domain it claims to come from. This plays an important role in curbing spam, phishing attacks, and other cybercrimes. A properly set up DMARC policy assists your organization in the following ways:
- Protect your online brand: No matter the size or scope of your organization, cybercriminals will attempt to impersonate your domain and online presence for malicious purposes. DMARC helps keep your brand out of their arsenal of spoofed email domains, thus protecting your brand’s integrity.
- Increase email deliverability: Even legitimate emails can end up in spam folders and email quarantines, which can be a problem when emails contain important healthcare information. DMARC serves as extra proof that email from your organization is legitimate, increasing deliverability to the inbox while also knocking out fraudulent mail.
- Gain greater visibility into cyber threats: DMARC's reporting lets you monitor every third party that sends email on your behalf, both the ones you have authorized and the ones you have not, helping to ensure compliance with security best practices.
Set Up a Multi-Layered Anti-Phishing System
Typical organizational defenses against phishing rely mostly on employees being able to detect phishing emails. While this approach is a good start, it has limitations. A more robust approach widens your organization's defenses to include more technical measures. This improves your organization's resilience against phishing attacks without disrupting the productivity of your employees, and it creates multiple opportunities to detect and stop an attack. While some attacks will still get through, a setup like this helps you plan for incidents and minimize the damage they cause.
Below are some of the benefits of a multi-layered anti-phishing system:
- It makes it harder for cyber-attackers to reach your users
- It helps your employees detect, identify and report suspected phishing emails
- It protects your organization from the effects of undetected phishing emails
- It speeds up your response to incidents
At VirtualDoers, we are all too aware of how important regular Security Awareness Training and simulated phishing exercises are (and by regular we mean more than once per month). Make sure your users are adequately trained to deal with phishing emails: the success of spear phishing and BEC shows very clearly that technology alone is not enough to protect your business. Interested to know how many of your users will click a phishing email? We created a free tool called the phishing-Test, which will tell you exactly how many of your staff have a propensity for clicking on phishing links.