Ep 15 Spear Phishing

15 Spear Phishing: How to Recognize and Avoid Spear Phishing Scams

KnowBe4 website

https://www.knowbe4.com/spear-phishing/

Hello and welcome back to USB our Guest, Cyber Security Tips. Thank you for taking time out of your day to listen.

Today's tip is about spear phishing. A great article about spear phishing is on KnowBe4's website. As stated in a previous episode, KnowBe4 offers its social engineering prevention education to businesses, so it may be a bit technical. But if you want a deep dive into spear phishing, it's about a 5 minute read. A link to the article will be in the show notes.

What is spear phishing? Well, we know from a previous episode that phishing is the practice of sending emails masquerading as legitimate companies to fool someone into revealing personal info like a credit card number. Spear phishing is the practice of sending emails to a specific individual or department in an organization that appear to come from a legitimate source.

KnowBe4 states that, according to research from security firm Trend Micro, 91% of cyber attacks and the resulting data breach begin with a spear phishing email.

An example of a spear phishing attempt could be an email from cyber criminals, masquerading as the CEO, asking an employee in accounts payable to initiate a wire transfer. Since this is something that a CEO could request, it takes a keen eye to spot the scam.

Another example could be an email from cyber criminals pretending to be a vendor, asking an employee for help with payment and requesting that they open the attached document. Some attachments could have a macro-enabled Word document that, once opened, runs a keylogger, a screenlogger, and a webcam and microphone recorder, and grants the criminal full access and control of the computer.

KnowBe4 offers the following tips to help avoid being spear-phished:

First, if you get a request to transfer funds, always follow up with the actual person on another channel to confirm the request is legitimate.

Report suspicious emails before you click.

Be cautious of emails that request fast action, or that ask that you click on a link or file to learn more.

Finally, check with your IT department on procedures for dealing with suspected spear-phishing attacks.

That's all for today except for a few friendly requests. If you like what we're doing here, please take a minute to rate and review us on whatever podcast platform you are using. Also, I'm planning on making the episodes a little longer, around 5 min, with a short 30 sec ad to help with a little revenue. Please bear with me as I figure out a good placement for this, and remember that 30 seconds is two 15-second skips.

Thank you again for listening, and we'll talk to you again soon.