Tips for Avoiding Spear Phishing
Wherever you look in the news lately, it seems that top corporations and media outlets are becoming victims of spear phishing attacks more and more. And as many news reports on these attacks have stated, education of employees and strengthening the human factor is essential. To stay safe while using email and social media, take a look at the helpful tips below to avoid being speared in 2013.
Tips for avoiding getting “speared”
1. Use common e-mail sense. Period. The main point is you shouldn't automatically trust any email message. Don’t let the presence of familiar personal information in a message lull you into a false sense of security.
2. Don’t provide any personal information on social networking sites such as birthdays, anniversaries, names and ages of your kids. Rather than refer to family members by name, use their first initial or some other reference that would be obvious, but you wouldn’t expect someone to use in an email to you.
3. Do your research on emails that request immediate action. Google the company name and get a contact number to call and ensure you’ve received a valid request. Do not trust the contact information in emails because cyber criminals will include phone numbers that dial the criminal directly.
4. Be extra careful of emails that relate to current events. For example, emails with links to photos of the royal baby, up to the minute coverage of sporting events, video of recently talked about performances such as Miley Cyrus, or the scandal of the moment, are very likely to be links to malicious web sites. If you feel the urge to look at photos like this, look for them on reputable sites like www.cnn.com or other news sites.
5. Don’t assume that emails from friends or colleagues have safe links or attachments. Cyber criminals can easily collect your colleague’s email address from social networking sites or the Internet and send email to you that looks like it is from a safe sender. When you receive a link or attachment from a friend or colleague, the safest approach is to call your friend and verify that they actually sent you what you received.
Bottom line, vigilance is the key to staying safe from a spear phishing attack. It may seem like an inconvenience to do a little extra homework or research get to a legitimate website, but in the end it’s worth the time to know who you’re dealing with. Playing Russian Roulette with social networking and e-mail today is just not worth the potential risk you are putting yourself in, not to mention the company you work for if you do personal stuff at work. High profile spear phishing breaches are forcing companies to be savvier at identifying the weakest link in their security posture – don’t let that be you.
Subscribe to the Proofpoint Blog