January Newsletter: Looking at a new spear phishing attack
|Looking at a new spear phishing attack|
|Take some time and research how companies are hacked and you will quickly come to realize that there are a wide variety of methods at a hackers disposal. One of the increasingly common, and effective strategies being employed is spear phishing. In early December 2014, a new spear phishing attack was uncovered, one that has proven to be quite effective against large businesses, and could possibly target small companies as well.|
What is spear phishing?
Spear phishing is an advanced form of phishing where attackers troll the Internet for relevant information about you and then create a personalized email that is sent to you. This email is usually developed so that it appears to be coming from a friend or trusted partner and contains links to a site or program that can initiate an attack or steal information.
More often than not, these links are to websites where you enter account information, passwords, and even bank account details, or any other personal information which can be used to break into computers and even steal your identity.
What is this latest spear phishing attack?
This new form of spear phishing, being carried out by an organization who calls themselves FIN4, has actually been around since as early as mid 2013. When they attack Wall Street listed companies they are doing so to steal valuable plans and insider information.
What we know is that they send highly savvy and targeted emails to people at a company, trying to harvest Microsoft Outlook account information. Once they have this crucial data they then target others inside, or connected to, the organization, with the same email, while also injecting the code into ongoing messages. This method can spread the attack quickly, leading to a potentially massive security breach.
In the email examples of this phishing threat, the attackers write mainly about mergers and other highly valuable information. They also include a link to a forum to discuss the issues raised further. These emails come from people the recipient already knows, and the link is to a site that asks them to enter their Outlook account and password before gaining access. When this information is entered, it is captured by the attacker and used to launch more attacks.
What can we do to protect our systems?
From what we know, this attack is being carried out largely against law firms, finance companies, and other large organizations. While this discounts many small businesses, there is a good chance that the attackers will turn to small businesses operating with larger companies at some point.
Because this is an email-based attack, you need to be extra vigilant when opening all emails. Be sure to look at the sender’s address, and read the body of the email carefully. While hackers generally have good English skills, they aren’t fully fluent, which means you will notice small mistakes. Also, keep in mind previous emails sent by the recipient. If the tone and style is off, then the email may be fake.
It is important to always look carefully at all links in email messages. If a link looks suspicious, then ask the recipient for more information or to tell you where the link goes. If you come across any site asking you to enter account information, be extra careful. Look at the URL address in your browser, if it doesn’t sat HTTPS:// before the address, then it may be a good idea to avoid this.
If you have any questions on spear phishing and how you can prevent it, contact us today to see how we can protect your business.
|What are online backup solutions?|
|With a Disaster Recovery Plan and Business Continuity Plan, businesses need to ensure that a proper data and system backup solution is in place. There are many different ways to implement a backup solution, with one of the most common being online or cloud-based backup. While these systems are popular, there is still confusion over what exactly it is.|
|Why social media content isn’t shared|
|Social media has come to play a large part in the content marketing campaigns of many businesses. While creating a solid presence can be beneficial for businesses, owners often struggle to get their content shared. There are many reasons why, but here are four main ones that you should be aware of and what you can do about them.|
|Office 365 subscriptions|
|Cloud solutions have become an integral part of many businesses. If you are looking to implement a new cloud solution, one of the best places to start is with Microsoft’s Office 365. This business-oriented platform has a lot to offer users, however, as with all other Microsoft products, there are a wealth of plans to select from. Here is an overview of the most common versions.|
|How to pin tabs with Chrome|
|There is a good chance that when you work in your browser, you usually have a number of tabs constantly open in the same window. For example, you may have Gmail open, Google Drive, etc. If you close the window, you will no doubt need to open the tabs again and again, which can be frustrating. To make browser use easier, Chrome has created the Pin Tab feature.|