What’s spear phishing and why doesn’t it have anything to do with fish?

It’s no question that hackers nowadays have gotten exceedingly clever – almost unfairly so. It’s important to protect your business from online scams, and one of the biggest threats is a scam called phishing – and no, it doesn’t have anything to do with fish. The name is disappointingly misleading. Anyways, phishing is when a hacker or scammer impersonates a trusted institution, like a bank, to trick targets into giving away personal information. But there’s a whole other level of phishing. And that’s called spear phishing (again, not quite sure where they got the name.) Spear phishing is even more nefarious than regular phishing because it’s harder to detect. We’ll go over what spear phishing is and how to avoid it.

What’s spear phishing?

Spear phishing is when a scammer poses as someone you know, like a friend, family member, or colleague, to get your personal information. They’ll impersonate someone specific to an individual or business by gathering personal details about their target. They’ll ask the target to do something reasonable, like following a link, downloading or opening an attachment, or sending a username and password. Then they’re in – they can steal personal or business information. These attacks are diabolical because they’re designed to put the victim at ease and not raise their suspicions. They’re convincing.

The effects of spear phishing.

Spear phishing is a danger for businesses because all it takes is one employee falling hook, line, and sinker (sorry, couldn’t resist) for the scam for the hacker to gain access to the network. They can grab all sorts of stuff – business financial information, customer personal information like credit card numbers, sensitive business documents. The costs of a data breach can be astronomical in terms of lost business, income, reputation, and dealing with the legal fallout, which is why it’s important that you know how to handle a data breach at your business. Because the unknowing target suspects nothing, the breach could go unnoticed, leading to huge losses over time.

How to avoid being spear phished.

1. Make sure your employees know not to send personal or financial information via email.

Emails can be hacked or intercepted. Plus, what if the recipient gets phished? That would be terribly unfortunate. Use the phone or secure online sites if you must (See Tip 6.)

2. Be wary of emails that ask for personal information.

Even if you know the source or the person and trust them, don’t reply to any emails asking for account details or other personal information without first verifying that the source is, in fact, the source and that they sent it. A quick phone call can save you so much trouble. If possible, don’t give out any information over email at all – see Tip 1.

Think twice about emails that ask for personal information - it could be phishing.

3. Don’t click willy-nilly.

Never click on links or open attachments from unknown sources. That’s not a good plan. You can hover over the link with your mouse – hover, don’t click! – to see if the URL looks suspect. It should match the type in the email. Still, the best thing to do is just don’t click.

Get an insurance quote and save money today on your home insurance

4. Make sure your business’s cybersecurity is current.

Firewalls and anti-virus software need to be kept up-to-date so that they’re ready for the latest threats. Hackers are good at figuring out how to get around security and exploit weaknesses in technology, which is why you need to understand your information technology risks.

5. Keep an eye on your business’s bank statements and financial information.

The sooner you catch and weird activity on your accounts, the better. It’s a good idea to be vigilant and monitor all financial accounts carefully. It may not be the most thrilling thing in the world, but it’s still important.

6. Ensure that employees know to use only secure sites or the phone for personal info.

If you have to enter personal information online, you should check that the site is secure. You’ll see https:// at the front of the URL (not just http://) and there will probably be a lock icon.

Also, tell your employees to be careful with phone calls – phishers can use phones as easily as the internet. Don’t give personal information out over the phone unless it’s a trusted person on the other end and you called them, not the other way around.

7. Trust your instincts.

This one is pretty simple. If something seems even slightly off, don’t engage. Back away slowly. If it quacks like a duck, chances are it’s a duck. Or phishing scam. Same thing.

8. Tell your employees to be careful on social media.

Social media is where hackers get a lot of their information so that they can more effectively target their victim. Personal information and details should remain personal.

9. Tell employees to delete scam emails and then clear their Junk folder.

Just to be on the safe side, get that thing off your computer.

Make sure your employees know how to recognize phishing scams.


Get a quick homeowners insurance quote

Phishing and spear phishing can be devastating for businesses. If you experience a data breach, you may never win back the trust of your customers. That’s why it’s so important to train your employees about common online scams and how to recognize them. Your best play is making sure that everyone knows what’s out there. Remember, hackers are smart. They make you think they’re people that you know and maybe like.

Do you need a quote for your business insurance? We can help with that! Our team of insurance professionals can help you identify the risks that your business faces. From there we’ll help you create a business insurance plan that’s tailored just to your business – every business is different, so they all have unique insurance needs. To get started with some free quotes, just fill out our online quote form or give us a call today.