You receive an urgent request from a company executive. Can you please pay an invoice right away? This is not the normal procedure, but you are told this is an exception. You have your doubts, but process the payment as instructed. It turns out the company executive knows nothing about it. A cyber imposter stole information and pretended to be a senior manager. Now the money is gone. So never blindly accept an unusual request.
Learn to recognise cyber imposters.
What is spear phishing?
Spear phishing is a targeted attack by cybercriminals on specific individuals, institutions or companies. The goal is to obtain sensitive information, such as account information or financial data, through online communication channels. These individuals, institutions or companies are chosen because they are attractive targets. Because a targeted attack is often more successful, the criminals make their message as specific as possible.
They do this by putting your supervisor’s name at the top of the email, by attaching an invoice that looks exactly like a normal invoice, including formatting and logo, and sometimes even by adding a phone number for a (fake) service desk.
Our tips to protect against spear phishing:
- Attend awareness training sessions and meetings at your institution. This will help you learn to better recognise this form of phishing;
- Agree clear procedures in your institution and make sure you and the other employees know these procedures. In the event of a spear phishing attack, you will be asked to deviate from agreed-upon procedures. Know what to do when a request to deviate comes in;
- Technical measures can limit the damage of spear phishing. Examples are the use of multi-factor authentication and the principle that large payments should always be checked by two people separately;
- Be aware of what you post online and shield your LinkedIn profile from strangers using the privacy settings. This makes it harder for criminals to find out information such as who your manager is or what department you work in.