Story image

Spear phishing

01 Nov 2010

You probably have heard about ‘phishing’ attacks, where cyber criminals attempt to penetrate a business network to steal valuable information. But ‘spear phishing’ is a more recent phenomenon, in which a specific company, or individual staff, are targeted. If your company has developed a unique product which has serious money-earning potential, then you could be subject to a spear phishing attack, and you need to take special precautions.
What the phisher is trying to do is penetrate your computer network, and a common way of doing this is to entice you to let them in. They can do this by looking at the names and email addresses of employees that are often listed on company websites. Social networking pages, either those of the business or those run by individual employees, are also favoured. They may even start with a phone call, in the guise of a potential customer, seeking information (this is known as ‘vishing’ or ‘voice phishing’).
The next step is to start sending emails to their ‘targets’. They may contain attachments with special offers or links to places where useful information can be obtained. The aim is to get those attachments and/or links opened inside the company firewall; then the malware they contain can be downloaded on the employee’s computer, creating a gateway to the server. Phishers can be quite patient and subtle in their approach, taking time to build a rapport with the unsuspecting employee. But once in, they will work quickly, lifting information wholesale with a view to selling it to the highest bidder, before the breach is detected.
The way to foil such attacks is twofold: firstly, if your data is sensitive and valuable, you need to protect it appropriately. If you’re still managing your own server security, it may be time to graduate to a managed security system maintained by experts, who can monitor it for possible intrusions and keep protection up to date. The second, but no less important step, is to educate staff about requests for information from previously unknown sources. Any such approaches should be checked for their bona fides before any information is given out. Extra care should be taken with incoming emails, and software that scans attachments and links should be mandatory.

How big data can revolutionise NZ’s hospitals
Miya Precision is being used across 17 wards and the emergency department at Palmerston North Hospital.
Time's up, tax dodgers: Multinational tech firms may soon pay their dues
Multinational tech and digital services firms may no longer have a free tax pass to operate in New Zealand. 
Spark’s new IoT network reaches 98% of New Zealand
Spark is the first company to confirm the nationwide completion of a Cat-M1 network in New Zealand.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Robots to the fore – Key insights for New Zealand Business into RPA in 2019
From making artificial intelligence a business reality to closer ties to human colleagues, robotic process automation is gearing up for a strong 2019.
50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
IDC: A/NZ second highest APAC IoT spenders per capita
New IDC forecast expects the Internet of Things spending in Asia/Pacific excluding Japan to reach US$381.8 Billion by 2022.