Cibersecurity Newsletter
AUGUST 2020

Spear Phishing

Did you know… 88% of organizations have reported the occurrence of Spear Phishing attacks in 2019?

Have you got any e-mails or any other type of suspicious digital communication where:

Check

The beginning of the body of the text was personalized with your name?

Check

There were references to friends, colleagues, or people in your organization?

Check

There were references to projects or proposals where you were involved?

Spear Phishing is directed to specific targets, whether they are individuals or organizations.
It usually occurs via e-mail and aims to lead victims to disclose sensitive data or access malware. For the communication to appear reliable, attackers extract and use information available online, concerning the organization or people involved in the communication, therefore creating a false sense of credibility and security in the recipients.

Learn how to act to protect yourself:

1. Be aware of fake senders

Check

Always analyse the sender of the communication your received, because there’s a chance that the communication has been tampered to look like a communication from a trusted entity, partner, or user

Check

Look for subtle manipulations in the sender, such as replacing the letter “o” by the number “0”, the letter “w” by the Russian alphabet letter “ш”, or the use of the letter “I” instead of the letter “l”

Check

Make sure that the top domains are the domains of the organization that sent the communication

Image25

2. Be thorough and think before you act

Check

Reflect about what is being asked. In the event it involves any sensitive personal or professional information, never disclose such information via e-mail

Check

Never make any type of payment, even if the request seems urgent. In a work setting, report and review this type of situations with the financial department of your organization

Check

Validate the need for these requests made via e-mail by using an alternative mean, whenever possible

Check

In case of doubt, do not follow the instructions in the suspicious communication and report it to the security team of your institution, avoiding risks

Image24

3. Step up your attention to content, software, and devices

Check

Do not click on links, visit, or log into websites that are embedded in the e-mail body without making sure they are secure (learn how in point 2)

Check

Do not download attachments from suspicious e-mails to your devices. Malware can be attached under different formats and also as links, often from legitimate websites, because they are less likely to be blocked by the technical controls that are implemented

Check

Keep security software of professional and personal devices up to date, therefore shielding them from a wide variety of threats

Check

Update your credentials regularly and be strict about password quality, therefore decreasing the risk of your account being used to enable this type of attack

Check

At the organizational level, implement technical controls for the inspection and filtering of e-mails in e-mail servers and endpoint devices

Image2

SUBSCRIBE OUR NEWSLETTER


Cookie Consent X

Integrity S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.