In November 2017, hackers sent out spear phishing emails specifically targeting employees who handled their companies’ finances. To trick the employees into falling for the scam, they made the emails appear to be from trusted business associates. Learn more about this spear phishing attack and how to protect your business from this type of scam.

In November 2017, security researchers discovered a new spear phishing email campaign targeting employees who handled their companies’ finances. The cybercriminals masqueraded as business contacts the employees knew and trusted. To trick an employee into thinking the email came from a trusted business associate, they spoofed the name that appeared in the “From” field so that it showed the associate’s name.

The emails’ context varied, but they all mentioned invoices. For example, the subject line of one email noted that an invoice was due. The email’s message read, “I tried to reach you by phone today but I couldn’t get through. Please get back to me promptly with the payment status of this invoice below.” The message included a link for the recipient to click to see the invoice.

In another case, the email’s subject line mentioned an address update, but the message also alluded to an invoice. The message read, “I’m providing you with my new address and invoice details below.” The message included a link for the recipient to click to get the new address and invoice.

In both cases, the email itself was harmless and could simply be deleted. However, if the email recipients clicked the link, they triggered a cyberattack.

This email campaign highlights an important characteristic of spear phishing attacks: Companies are usually the target. Therefore, it is important to take measures to protect your business from this type of scam. One way is to use a three-phase approach.

Phase 1

Employees cannot fall for spear phishing scams if the emails never reach their inbox. Thus, you should try to prevent as many malicious emails as possible from reaching your employees by keeping your company’s email filtering and anti-malware tools up-to-date. You might even consider getting an email security solution designed to catch spear phishing and other types of malicious emails.

Another preventive measure is to make your company harder to target. Cybercriminals often obtain the information they need to personalize spear phishing emails from company websites and social media networks. So, it is a good idea to make sure that potentially sensitive information (e.g., employees’ email addresses and job titles) is not publicly available on your company’s website or social media pages. You might even consider implementing a social media policy that provides guidance on the types of company-related information employees should avoid posting on their personal social media pages.

Phase 2

Despite your efforts to prevent spear phishing emails from reaching employees’ inboxes, some will likely make it through. For this reason, it is important to educate employees on how to spot these scams. Common signs include:

• Spoofed name in the “From” field
• A deceptive URL (the actual URL does not match the displayed linked text or web address)
• An email attachment
• The sender tries to get the recipient to perform an action (e.g., click a link or open an email attachment)

When discussing spear phishing scams with employees, you should stress the importance of not clicking links in emails, even if the emails appear to be from people they know. You should also show them how to check for deceptive URLs and spoofed names in the “From” field. If the URL or email address seems suspicious, have them call the email’s sender to make sure the person sent it.

Phase 3

Cybercriminals are becoming more skilled at creating spear phishing emails, so employees still might fall for a scam, even if they know the basics on how to spot one. Therefore, it is best to take measures that will help mitigate the effects of a successful attack. One effective measure is to regularly perform backups and test the backup files. Having restorable backup files ensures that you won’t lose your data or have to give into a cybercriminal’s ransom demand if a successful spear-phishing scam leads to ransomware or another type of malware infection.

Develop a Plan of Action

The specific steps required in each phase will vary depending on the security measures already in place in your company. We can assess your security defenses and help you develop an action plan. We can also provide recommendations on how to protect your business from other types of malicious attacks.