|New spear phishing attack identified|
When looking into the ways companies are hacked, you quickly realize that there are so many different tactics out there that it is mind-boggling. One of the more effective methods used recently is spear phishing, and in early December 2014, a new spear phishing attack was uncovered. This threat, while directed at larger organizations, could be turned against smaller businesses as well, and is therefore worth you knowing about.
What is spear phishing?
Spear phishing is an advanced form of phishing where attackers troll the Internet for relevant information about you and then create a personalized email that is sent to you. This email is usually developed so that it appears to be coming from a friend or trusted partner and contains links to a site or program that can initiate an attack or steal information.
More often than not, these links are to websites where you enter account information, passwords, and even bank account details, or any other personal information which can be used to break into computers and even steal your identity.
What is this latest spear phishing attack?
This new form of spear phishing, being carried out by an organization who calls themselves FIN4, has actually been around since as early as mid 2013. When they attack Wall Street listed companies they are doing so to steal valuable plans and insider information.
What we know is that they send highly savvy and targeted emails to people at a company, trying to harvest Microsoft Outlook account information. Once they have this crucial data they then target others inside, or connected to, the organization, with the same email, while also injecting the code into ongoing messages. This method can spread the attack quickly, leading to a potentially massive security breach.
In the email examples of this phishing threat, the attackers write mainly about mergers and other highly valuable information. They also include a link to a forum to discuss the issues raised further. These emails come from people the recipient already knows, and the link is to a site that asks them to enter their Outlook account and password before gaining access. When this information is entered, it is captured by the attacker and used to launch more attacks.
What can we do to protect our systems?
From what we know, this attack is being carried out largely against law firms, finance companies, and other large organizations. While this discounts many small businesses, there is a good chance that the attackers will turn to small businesses operating with larger companies at some point.
Because this is an email-based attack, you need to be extra vigilant when opening all emails. Be sure to look at the sender’s address, and read the body of the email carefully. While hackers generally have good English skills, they aren’t fully fluent, which means you will notice small mistakes. Also, keep in mind previous emails sent by the recipient. If the tone and style is off, then the email may be fake.
It is important to always look carefully at all links in email messages. If a link looks suspicious, then ask the recipient for more information or to tell you where the link goes. If you come across any site asking you to enter account information, be extra careful. Look at the URL address in your browser, if it doesn’t sat HTTPS:// before the address, then it may be a good idea to avoid this.
If you have any questions on spear phishing and how you can prevent it, contact us today to see how we can protect your business.
Published with permission from TechAdvisory.org. Source.
|Getting social media content shared|
Measuring the overall success of a marketing campaign is often dependent on a number of metrics. When it comes to measuring the success of your social media campaigns, the most common metric employed is the number of shares. Companies who post content online often find it difficult to get their content shared through. If this resonates with you then here are four common reasons as to why your content might not be be shared and what you can do about that.
|Looking at online backup solutions|
There are many different backup solutions out there available to small and medium sized businesses. While most owners are aware of the fact that any backup solution is important for a Disaster Recovery Plan, it can be tough to pick the right one for your business. One of the most popular is online backup. If you are considering which backup solution to choose then our overview should help you decide.
|Regin - is it really a big threat?|
Malware is a constant threat to a business’s security. However, with many malware infections we tend to be able to learn a lot about them in a very short amount of time, which weakens the power of each attack. There is a new threat called Regin however, that is leaving many security experts baffled. Here is an overview of Regin and what it means exactly for businesses.