Tips to Protect Against Damage from Spear-Phishing Emails
Cyberattacks and resulting data breaches often begin with a spear-phishing email. Spear phishing differs from regular email phishing in its use of extensive research to target a specific audience, which allows the spear phisher to pose as a familiar and trusted entity in its email to a mark. Spear phishers seek a company’s valuable information-such as credentials providing access to customer lists, trade secrets, and confidential employee information-and some of their methods include:
- Directing email recipients to fake (but authentic-looking) websites that ask for information like account numbers, and passwords or other credentials.
- Inducing recipients to click on links or attachments that download malware onto the recipient’s computer. The malware often allows the phisher to steal passwords and sensitive data by, for example, tracking keystrokes.
The IRS offers the following tips to protect against spear phishing:
- Educate all employees about phishing in general and spear phishing in particular.
- Use strong, unique passwords with a mix of letters, numbers, and special characters. Also remember to use different passwords for each account.
- Never take an email from a familiar source at face value, especially if it asks you to open a link or attachment, or includes a threat about a dire consequence that will result if you fail to take action.
- If an email contains a link, hover your cursor over the link to see the web address (URL) destination. If it’s not a URL you recognize, or if it’s an abbreviated URL, don’t open it.
- Poor grammar and odd wording are warning signs of a spear-phishing email.
- Consider calling the sender to confirm the authenticity of an email you’re unsure of, but don’t use the phone number in the email.
- Use security software that updates automatically to help defend against malware, viruses, and known phishing sites.
Click here for additional information about protecting yourself from spear-phishing attacks.
Check out our Employee Records and Files section for more on how to protect confidential employee information.
HR News Alerts provided by:
2005 E 2700 St, Suite 140, Salt Lake City, UT 84109
Please Note: The information and materials herein are provided for general information purposes only and are not intended to constitute legal or other advice or opinions on any specific matters and are not intended to replace the advice of a qualified attorney, plan provider or other professional advisor. This information has been taken from sources which we believe to be reliable, but there is no guarantee as to its accuracy. In accordance with IRS Circular 230, this communication is not intended or written to be used, and cannot be used as or considered a ‘covered opinion’ or other written tax advice and should not be relied upon for any purpose other than its intended purpose.
Copyright © 2018 HR 360, Inc., All rights reserved.