Safety online is essential to running a secure and efficient business. That is why it is important to boost cybersecurity and avoid a special type of phishing attack known as “spear phishing.” Cyber criminals use spear phishing emails to target a specific person or organization. Spear phishing emails typically have information about the victim in the email that makes the email seem credible.
According to an article from The Hacker News published last month, Microsoft’s Digital Crime Unit (DCU) seized 41 domains used in spear phishing attacks. They found that the goal of these attacks was to steal and exfiltrate sensitive information, take control of the infected machines, and carry out remote reconnaissance. Understanding how these attacks work will help prevent you from becoming a victim.
Here is a spear phishing example that has to do with attempting to gain financial information. In 2018, a law firm posted a blog that gave the following example, which appears to be from an internal person within the company.
Below, Hikvision’s VP of Global Information Security, Chuck Davis, offers 8 tips to protect yourself online and reduce your risk.
8 Tips to Protect Yourself Online: Reduce Phishing Attacks and Boost Cybersecurity
- If you receive a threatening email at a business email address, let your cybersecurity team know immediately. There could be an ongoing company-wide campaign that the cybersecurity team can stop.
- Use two-factor authentication (2FA) or multi-factor authentication (MFA) everywhere possible.
- Use a password manager. This will allow you to make great passwords (20 plus characters) that are unique for every website. And, you won’t need to remember any of them.
- Never reuse passwords. If you have reused passwords, take time to change them now, before it’s too late. Threat actors buy up username and password lists and start trying to log in with the username and password on other sites, like Twitter, Facebook, and Spotify.
- If you are alerted that a password has been compromised, change it immediately and see the third tip above (use a password manager).
- Be wary of short URLs. Malicious links are sometimes sent in short URLs through social media. Check short URLs with a tool like www.checkshorturl.com to preview the real address before clicking.
- Be aware of doppelganger domains, which are domain names that look like a valid, trusted domain such as “goog1e.com.” If you don’t look closely at URLs sent in email, you could quickly overlook this.
- Visit https://haveibeenpwned.com/. This site is hosted by a respected cybersecurity professional named Troy Hunt. Make sure to enter all work and personal email addresses and subscribe to get updates. If your email address is ever found in a data breach, you will be alerted.
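The doppelganger-domain tip above can also be automated on the mail or proxy side. The following is an added example, not from Hikvision or the original article: it flags domains that imitate a trusted one, such as “goog1e.com”. The allowlist, the look-alike character map, and the sample inputs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains your organization actually uses (constructed).
TRUSTED = {"google.com", "hikvision.com", "microsoft.com"}
# Small constructed map of look-alike characters to the letter they imitate.
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def registered_domain(url_or_host):
    """Last two labels of the host. Naive: a real tool needs a public-suffix list."""
    value = url_or_host if "//" in url_or_host else "//" + url_or_host
    host = (urlsplit(value).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def skeleton(domain):
    """Collapse look-alike characters and letter pairs to a canonical form."""
    return domain.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url_or_host):
    """Return (verdict, trusted domain being imitated or None)."""
    domain = registered_domain(url_or_host)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good):
            return ("lookalike-homoglyph", good)
    for good in sorted(TRUSTED):
        if edit_distance(domain, good) <= 1:
            return ("lookalike-typo", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["https://mail.google.com/inbox", "goog1e.com",
                   "http://rnicrosoft.com/login", "gogle.com",
                   "https://google.com.evil.example/"]:
        print(sample, "->", classify(sample))
```

A trusted name used only as a subdomain prefix (the last sample) resolves to a different registered domain, so it is not reported as trusted.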
Learn more about spear phishing and how to protect yourself and your organization with Hikvision’s Cybersecurity Center resource.