Internet security awareness training firm KnowBe4 warns the public of what could be the next wave of cybercrime—persistent spear phishing.
(TAMPA BAY, FL), Aug. 6, 2013 -- The American public and businesses today are under a constant, ever-growing threat of attack from cybercriminals who attack as many people and businesses as quickly and effectively as possible in order to access large amounts of sensitive information. In the first half of 2012 alone, there was an average of almost 33,000 phishing attacks per month, with an estimated worldwide loss of nearly $700,000,000 from phishing scams alone (1). Internet security awareness training firm KnowBe4 has long spoken out about the rise of cybercrime, and is now predicting an unprecedented level of hacking—persistent spear phishing.
Spear phishing consists of a phony, but authentic-looking, e-mail designed to target a particular individual or organization, in an attempt to "fish" out valuable information for financial, business or military gain—it differs from traditional phishing attacks in that it is not typically initiated by indiscriminate hackers, but rather is more likely to be conducted by criminals out for financial gain, trade secrets or military information. KnowBe4 founder, Stu Sjouwerman, says that criminals are now becoming relentless in their attempts, and will continuously attack the same target until they get the information they seek, an act he has coined "persistent spear phishing." And these attacks, per Sjouwerman, leave both businesses and the general public at risk of being targeted:
45% of banks have seen an increase in spear phishing attacks targeting employees over the last year;
Criminals target consumers by relying on personal information collected from public posts on social media sites and blogs, as well as with data collected from other breaches, to make the fraudulent e-mails appear legitimate. They ultimately convince consumers to click links that take them to spoofed sites which contain malware, or to provide login usernames and passwords that allow the attackers to compromise online banking accounts (2).
"Spear phishing creates a domino effect—once a business has been infiltrated, a hacker potentially has access to everything," said Sjouwerman. "At that point, all the company can do is attempt to halt the attack and recover any stolen information. But the best bet is to prevent these incidents from occurring in the first place."
Avoid Becoming a Spear Phishing Victim
Sjouwerman insists that businesses and the public can limit their risk of falling victim to persistent spear phishing attempts by remembering the following:
Be wary of e-mails that appear to be genuine but redirect to strange or unknown links.
Never click a link to a website contained within an e-mail—always enter the URL manually instead or through a bookmark.
Legitimate businesses will never request personal information via e-mail. Never reply to an e-mail providing any sensitive information—if in doubt, contact the business directly using a verified telephone number.
Keep the operating system, third-party applications, firewalls and antivirus software constantly updated. Many browsers come with phishing filters, and these should be enabled for better protection against attacks.
In addition to the above tactics, Sjouwerman suggests that business owners consider educational resources for employees.
"For business owners looking to introduce security awareness training programs, engaging employees with an actual encounter of being spear-phished by sending out mock spear phishing e-mails is often an effective measure," said Sjouwerman. "Imitated persistent spear phishing e-mails present a memorable and highly relevant experience to employees, and also train them to properly react when a spear phishing attempt arrives in their inbox. Employee education and heightened awareness are more important than ever."
KnowBe4 provides an extensive collection of free cybercrime education resources so that executives and system administrators can arm themselves and their staff against cyberattacks. The company also offers a free phishing security test to help business owners and managers determine what percentage of employees are Phish-prone™, or susceptible to phishing attacks.
For more information, visit KnowBe4 online at www.knowbe4.com.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. He and his colleagues work with companies in many different industries, including highly regulated fields such as healthcare, finance and insurance. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.
1. "Phishing in Season: A Look at Online Fraud in 2012." RSA.com. RSA FraudAction Research Labs, n.d. Web. 19 Feb. 2013. blogs.rsa.com/phishing-in-season-a-look-at-online-fraud-in-2012/.
2. Kitten, Tracey. "FBI Warns of Spear-Phishing Attacks." Bankinfosecurity.com. Bank Info Security, 02 July 2013. Web. 25 July 2013. bankinfosecurity.com/fbi-warns-spear-phishing-attacks-a-5878/op-1.