How to Spot Vulnerabilities Related to Targeted Phishing Attacks
Hikvision on 3 Tips to Avoid Security Concerns from Spear Phishing
Cybercriminals continue to find new ways to exploit vulnerabilities, and targeted phishing is the subject of the Security magazine story, “The art of targeted phishing: How not to get hooked.”
What is phishing? Phishing attacks have long been an effective way for attackers to trick people into divulging sensitive information or infecting a system with malware. Malware can give an attacker remote access to protected systems and networks, encrypt a user’s data and charge a ransom to decrypt the data, or use that system as part of an attack against other systems.
Targeted phishing attacks direct efforts toward a particular group of people, using social engineering to attempt to get these individuals to divulge sensitive information. By using information from social media or other sources, the targeted phishing emails appear to be familiar or credible. Spear phishing is a type of targeted phishing attack that is focused on a specific person or organization.
From the article: “Not only do targeted attacks make it easier to tailor a lure for victims and make it look more authentic and convincing, but they can also home in on higher-value targets. With spear phishing, attackers can focus on compromising specific business-critical machines or gaining access to higher value business accounts that will score the criminal a larger payday at the end of the attack.”
Hikvision covered spear phishing and ways to avoid this security concern in the blog “Part Two: An Overview of Spear Phishing Hacks by Hikvision Senior Director of Cybersecurity.” Below are three tips to help you avoid becoming a victim of spear phishing. Read the entire article for a full list of recommendations.
- Never reuse passwords. If you have reused passwords, take time to change them now, before it’s too late. Threat actors buy up username/password lists and then try to log in with those usernames and passwords on other sites, like Twitter, Facebook, and Spotify.
- Use two-factor authentication (2FA) or multi-factor authentication (MFA) everywhere possible.
- Use a password manager. This will allow you to make great passwords (20-plus characters) that are unique for every website. And you won’t need to remember any of them.