Sophisticated spear-phishing attacks are at an all-time high. Phishing emails can take on three different forms. One type would be designed to make the victim unwittingly give away valuable data.
Another type could be an innocent looking attachment that’s actually designed to give control of the computer to the attacker. And the last type could be a crafty looking URL that when clicked attempts to load malware onto the victim’s computer via a website the attacker controls.
Aaron Higbee, CTO of PhishMe said: “Spear phishing is the criminals‘ preferred method of choice if they want to get inside an organization. Some employees falsely believe that their role isn’t important enough for a hacker to attempt to spearphish them. If the attacker’s main goal is to simply obtain access to an internal network, they won’t discriminate. Everyone is a potential target. Their methods are increasingly more sophisticated and use social media more and more to tailor-make emails that trick people into opening them.”
“We have found that workers are not connected to protecting their corporate assets. They believe it’s the security team’s job to protect them from all outside threats, and that security products alone can protect the ‘corporate crown jewels’. However, it’s a different case when it comes to people protecting their own data on their mobile devices or home computers — our experience shows that people are far more likely to be on their guard when looking at emails at home because they have far more to lose than at work.”
PhishMe has found that training staff to know how to recognize and avoid a phishing attack, including the more targeted ‘spear-phishing’ attacks, can reap dividends when it comes to not only protecting the corporate environment but also people’s home computers once they put into practice what they have learnt at work.
Higbee said “Most people use very little security at home to protect their PCs, at most AV software, so the skills they learn at work can help them enormously when spotting a scam or Phishing attack which otherwise could cost them dearly.”
"Home based information security has often been neglected by organisations who see their responsibility finishing at the keyboard of the corporate PC or smart device", said Nigel Stanley, Practice Leader for Security at Bloor Research. "When I conduct security reviews for key individuals I always address domestic security and the use of 'family PCs' - often with a shared administrator account - as I see more and more targeted attacks against these vulnerable platforms".
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.