I attended the AITP Region 5 Conference yesterday and had the pleasure of listening to Stephanie Wright from the FBI present on Cyber Security. She talked briefly about “Spear Phishing” and it shocked me how vulnerable I have been to this type of attack. Most of us know what Phishing is. Phishing is an attempt to acquire sensitive information such as usernames, passwords, bank account numbers, or credit card details by sending fraudulent and misleading emails. For details on how to recognize Phishing emails see the link below.
How to recognize phishing email messages or links:
I already know not to click on the average type of Phishing emails that we all receive, but what about an email that you receive from a coworker or a conference you just attended? Would you open a PDF attachment from them when it is sent to just you? Let’s define Spear Phishing.
Spear Phishing is a targeted phishing attack. It is done by sending you an email and spoofing the email address so it appears to come from someone you know. The attacker gets this information from your Facebook account, company website, or other public source. The attacker picks a coworker or family member and sends you an email that appears to come from this person you know. This email has an attachment such as a PDF or Word document. When you open the attachment it attempts to infect your machine with a key-logger class tool designed to steal your financial information and eventually your money.
Another variant of this is to send you an email from a conference you just attended and let you know that the presentation from the conference is attached or, better yet, that the attachment is your unpaid bill. Who wouldn’t open that? This is a hard one to defend against.
How do you protect yourself from a targeted phishing attack? There is no silver bullet for this. I do have a few thoughts that will reduce your risk.
- Keep your systems patched – this will limit the vulnerabilities
- Use antivirus – Microsoft has a great free version – there is no excuse for not using antivirus
- Don’t open email attachments – huh? I can’t do that either
- Use a dedicated machine for your online bill pay and don’t do email or surfing from that machine
- Hope & Pray
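Since "don't open attachments" is rarely practical, a message can at least be screened for the traits described above before its attachment is opened. The following is an added example, not part of the original post: it flags failed sender authentication, a Reply-To that differs from From, and a PDF or Word attachment sent to a single recipient. The function names, addresses and sample message are constructed for illustration, and it assumes the receiving mail server adds an `Authentication-Results` header.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

RISKY_EXTENSIONS = (".pdf", ".doc", ".docx")  # attachment types named in the post

def spear_phish_flags(raw_message):
    """Return reasons a message deserves a second look before opening it."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    # The receiving server records SPF/DKIM/DMARC verdicts in this header.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    if any(f"{check}=fail" in auth.lower() for check in ("spf", "dkim", "dmarc")):
        flags.append("sender authentication failed")
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append("Reply-To differs from From")
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    risky = [n for n in names if n.lower().endswith(RISKY_EXTENSIONS)]
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = getaddresses([str(h) for h in headers])
    if risky and len(recipients) == 1:
        flags.append("document attachment sent to a single recipient: "
                     + ", ".join(risky))
    return flags

def build_sample(spoofed):
    """Constructed sample message; every name and address here is made up."""
    msg = EmailMessage()
    msg["From"] = "Pat Smith <pat.smith@example.com>"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Conference presentation"
    if spoofed:
        msg["Reply-To"] = "pat.smith@example.net"
        msg["Authentication-Results"] = "mx.example.com; spf=fail; dmarc=fail"
    msg.set_content("Slides attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="presentation.pdf")
    return msg.as_string()

if __name__ == "__main__":
    for label, spoofed in (("spoofed", True), ("genuine", False)):
        print(label, spear_phish_flags(build_sample(spoofed)))
```

A genuine message with a document sent only to you still raises the attachment flag; that flag is a prompt to confirm with the sender through another channel, not a verdict.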
If you have other ideas that can reduce the risk from Spear Phishing please share them with me. (No, not in an email attachment. lol)