Story image

Spear phishing

01 Nov 10

You probably have heard about ‘phishing’ attacks, where cyber criminals attempt to penetrate a business network to steal valuable information. But ‘spear phishing’ is a more recent phenomenon, in which a specific company, or individual staff, are targeted. If your company has developed a unique product which has serious money-earning potential, then you could be subject to a spear phishing attack, and you need to take special precautions.
What the phisher is trying to do is penetrate your computer network, and a common way of doing this is to entice you to let them in. They can do this by looking at the names and email addresses of employees that are often listed on company websites. Social networking pages, either those of the business or those run by individual employees, are also favoured. They may even start with a phone call, in the guise of a potential customer, seeking information (this is known as ‘vishing’ or ‘voice phishing’).
The next step is to start sending emails to their ‘targets’. They may contain attachments with special offers or links to places where useful information can be obtained. The aim is to get those attachments and/or links opened inside the company firewall; then the malware they contain can be downloaded on the employee’s computer, creating a gateway to the server. Phishers can be quite patient and subtle in their approach, taking time to build a rapport with the unsuspecting employee. But once in, they will work quickly, lifting information wholesale with a view to selling it to the highest bidder, before the breach is detected.
The way to foil such attacks is twofold: firstly, if your data is sensitive and valuable, you need to protect it appropriately. If you’re still managing your own server security, it may be time to graduate to a managed security system maintained by experts, who can monitor it for possible intrusions and keep protection up to date. The second, but no less important step, is to educate staff about requests for information from previously unknown sources. Any such approaches should be checked for their bona fides before any information is given out. Extra care should be taken with incoming emails, and software that scans attachments and links should be mandatory.

The new world of edge data centre management
Schneider Electric’s Kim Povlsen debates whether the data centre as we know it today will soon cease to exist.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
How HCI helps enterprises stay on top of data regulations
Increasing data protection requirements will supposedly drive the demand for Hyper-Converged Infrastructure solutions across the globe.
Vodafone and PNSol champion new ‘invisble network’ broadband project
"As an industry, we've increased the speed of broadband to one gigabit and beyond, which is a remarkable achievement, but we now have to look beyond speed."
Top 3 cloud computing predictions – what’s in store for 2019?
Virtustream's Deepak Patil shares his predictions for how cloud computing will evolve in 2019.
London’s pricy data centres allow Frankfurt to overtake
According to a new report, data centre pricing in the UK is among the highest in Europe, which is seeing other countries prosper.
Rubrik welcomes $261m funding for new market expansion
The company intends to use the funds from new investor Bain Capital Ventures will go toward future innovation and expansion.
Survey finds retailers 'bullish' on hybrid cloud adoption
The retail industry takes no prisoners and that’s made clear in its 'on the pulse' adoption of new technologies.