Spear Phishing Prevention Best Practices copy

Don’t Get Hooked! Spear Phishing Prevention Best Practices

Blog

Don’t Get Hooked! Spear Phishing Prevention Best Practices

Unfortunately, phishing attempts are now part of our daily lives—and although they may be more commonplace, that doesn’t make them any less dangerous. Successful phishing attacks can cripple a business operationally and can also cost a fortune between ransomware “fees” and lost profit. Whereas phishing emails may be random, and sent to any number of recipients, spear phishing attempts are much more targeted and therefore much more dangerous. The average financial loss associated with a successful spear phishing attack as of 2016 was $1.6 million (with some payouts upwards of $50 million) and as online attackers grow increasingly savvy, understanding how to safeguard your business from spear phishers is vital.

Because spear phishing attempts prey on our innate trust, and our likelihood as humans to make mistakes, it is crucial that businesses and associates understand which best practices to put into effect to guard against these attacks. Below, the team at Avatar Computer Solutions has compiled a list of phishing prevention best practices which when put into effect will help keep your systems safe and your information out of the wrong hands—potentially saving you and your business a small fortune.

1. Stay Informed

When a string of muggings hits a neighborhood, chances are those residents will want to know as much as they can about the attacker. Just as knowing what height, weight, and build the attacker was can help residents stay alert and avoid an attack, recognizing the signs of a spear phisher can accomplish the same goal. Here are some things to look out for: 

  •  Non-specific greetings: “Hello user,” or “Attention Amazon customer” should be an obvious red-flag, but keeping your guard up and your eyes peeled for these greetings can help avoid becoming a spear phishing victim. 
  • Typos galore: There’s a good chance anyone reading this has received an email from an entity claiming to be a business or a service provider, yet unable to properly capitalize “PayPal.” While these typos may seem like an obvious giveaway, even phishing emails with an abundance of spelling errors can scare victims into clicking via threats of account deletion or even legal action. 
  • Links and attachments: Oftentimes spear phishing emails will follow a threat of account deletion with a link, usually preceded by a prompt such as “click here to regain access”. Under no circumstances should you open a link or an attachment unless you are 100% certain of its sender. 

While these may be age-old signs of spear phishing attempts, new methods are being implemented every day. Employing a healthy sense of skepticism regarding emails of unknown origin, paired with routine security training sessions, can help keep users informed on the latest spear phishing tactics and keep information out of the hands of ransomware attackers.

2. Keep Private Information Private

Since spear phishing attacks are targeted, they rely on personal and private information to be effective. Information can be easily harvested by spear phishers from social media—where you live, what kind of car you drive—and when in the hands of these attackers even the most minute details can be weaponized. For this reason, in order to avoid giving spear phishers information to use against you in ransomware attacks, it is recommended that all social media accounts be made private. While this shields your information, it is also wise not to volunteer too much personal information on social media in the unlikely event that an account is compromised. Keeping private information locked down or off social media altogether gives spear phishers less ammunition to use against you and can save your business.

3. Invest in a Proven Defense System

While it is crucial that teams stay informed and take every precaution to avoid volunteering key information to spear phishers, humans ultimately have a tendency for mistakes. A study compiled by Comparitech discovered that 97% of users cannot correctly identify a spear phishing email, meaning it is more important than ever to have a back-up plan in place. The Cyber team at Avatar Computer Solutions takes a proactive approach to spear phishers, so attackers are thwarted before they even get a chance to strike. Attackers will continue to look for every vulnerability, but a solid managed cybersecurity system from Avatar will keep you several steps ahead of spear phishers at all times. 

For businesses of any size a successful ransomware attack can be devastating, and those wanting to protect their business should implement these phishing prevention best practices immediately. Security threats are constantly looming, and businesses without a spear phishing defense system are sitting ducks. Contact Avatar Computer Solutions today to ensure you have the best possible defense against spear phishers.