Hackers never seem to tire of devising ingenious ways to inflict mayhem. An alarming new threat has emerged known as “Spear Phishing.” This phishing technique uses a personalized email message that’s designed to pique your interest. It might be a conference invite, an invoice, or a missions support plea.
Spear phishing messages, which appear genuine and often convey a sense of urgency, are ruses to get you to provide sensitive information (such as your login and password) or entice you to click on a link that contains an infectious virus. Often, these email “spears” pass through SPAM filters because they appear to be legitimate.
RSA, a security software firm, reported that about one in every 300 emails in 2011 was a phish. A growing number are being received at work email boxes as personalized “spear” messages addressed to specific employees, sometimes including details mined from social networks to make them appear valid.
Keeping your anitvirus software and spam filtering up to date will help weed out these nefarious emails. However, hackers are adept at getting them to pass through undetected. This is where employee training helps. Microsoft lists the following components of scam emails:
- Alarmist messages and threats of account closures
- Promises of money for little or no effort
- Deals that sound too good to be true
- Requests to donate to a charitable organization after a disaster that has been in the news
- Bad grammar and misspellings
A best practice is to only open email from trusted sources.
What is your ministry doing to guard against spear phishing attempts?