Recently, the FFIEC issued a warning to financial institutions of an increased threat of cyber-attacks. Banks as well as other types of companies are finding ransomware installed on their networks in an effort to extort a ransom. Broadtek has identified and cleaned several of these ransomware cyber-attacks, which began with a spear phishing email to upper-level executives in various sectors.
Email phishing continues to be a commonly used method of attack in most sectors. The Symantec Intelligence Report September 2015 indicated that the Finance, Insurance & Real Estate sector made up 27% of the targeted attacks where systems were compromised using spear-phishing. Most targeted organizations had fewer than 250 employees.
2 Types of Email Phishing & Spear Phishing Attacks
Spear Phishing targets individuals within an organization to obtain personally identifiable information. These attacks often begin by sending an email that appears to be from a legitimate company. Spear Phishing emails commonly use one of two types of attack:
- The email will contain a link to a website that appears to be an official website. Once the email recipient logs in to the rogue website, the hacker will have possession of any personal information typed at the site such as user identification, passwords, and any other information requested.
- The email will include an attachment which installs malware on the workstation and network when the attachment is opened.
Spear phishing is an ongoing problem for organizations in all sectors. Email phishing and spear phishing attempts are only successful if the email recipient follows a link or opens an attachment file. The most effective method of protecting against a spear phishing attack is training and education. All organizations should conduct regular employee training, including executive-level employees, so they know how to deal with email phishing and spear phishing attacks. Executives are frequently targeted in these attacks because they have a higher level of network access.
Tips to Avoid Falling Victim to Email Phishing
A few quick tips to implement today to avoid falling victim to email phishing and spear phishing attempts:
- Do not open emails from unsolicited sources. Delete them immediately.
- Check link destinations by hovering the mouse over the link. Verify the URL that appears in the bottom left corner of your browser.
- Do not automatically follow warnings and requests within emails. Call the normal business phone number of the apparent email sender to verify email contents.
Broadtek has partnered with companies specializing in IT security to offer security awareness training in person, by live webcast or by recorded webinar for your organization. Call today to schedule your next training session.