eCommerceNews New Zealand - Technology news for digital commerce decision-makers
New Zealand
Guides
#
business intelligence
#
commerce systems
#
customer data platforms
#
marketing technologies
#
payment gateways
Search
Story image
#
Cybersecurity
#
Email Security
#
Malware
Spear phishing
Mon, 1st Nov 2010
FYI, this story is more than a year old
By Staff Writer
Follow us

You probably have heard about ‘phishing’ attacks, where cyber criminals attempt to penetrate a business network to steal valuable information. But ‘spear phishing’ is a more recent phenomenon, in which a specific company, or individual staff, are targeted. If your company has developed a unique product which has serious money-earning potential, then you could be subject to a spear phishing attack, and you need to take special precautions.What the phisher is trying to do is penetrate your computer network, and a common way of doing this is to entice you to let them in. They can do this by looking at the names and email addresses of employees that are often listed on company websites. Social networking pages, either those of the business or those run by individual employees, are also favoured. They may even start with a phone call, in the guise of a potential customer, seeking information (this is known as ‘vishing’ or ‘voice phishing’). The next step is to start sending emails to their ‘targets’. They may contain attachments with special offers or links to places where useful information can be obtained. The aim is to get those attachments and/or links opened inside the company firewall; then the malware they contain can be downloaded on the employee’s computer, creating a gateway to the server. Phishers can be quite patient and subtle in their approach, taking time to build a rapport with the unsuspecting employee. But once in, they will work quickly, lifting information wholesale with a view to selling it to the highest bidder, before the breach is detected.The way to foil such attacks is twofold: firstly, if your data is sensitive and valuable, you need to protect it appropriately. If you’re still managing your own server security, it may be time to graduate to a managed security system maintained by experts, who can monitor it for possible intrusions and keep protection up to date. The second, but no less important step, is to educate staff about requests for information from previously unknown sources. Any such approaches should be checked for their bona fides before any information is given out. Extra care should be taken with incoming emails, and software that scans attachments and links should be mandatory.

Related stories
Half of online traffic in 2024 generated by bots, report finds
Exclusive: How Fluent Commerce is shaking up the OMS industry
Review: Avast Ultimate Business Security - comprehensive to say the least
Gallagher Security sweeps up at 2024 New Zealand OSPAs
Exclusive: How FUJIFILM continues to evolve and innovate
Top stories
Unleash the potential of AI and elevate customer-centric marketing
Manhattan Associates boosts retail with omni channel updates
Exclusive: What makes HPE's Greenlake solutions stand out
Creating the blueprint for introducing AI and robotics to business: A hospitality perspective
Chatbot market set to surge to $4.9 billion by 2033 says FMI