Cybersecurity blog Cybersecurity blog
Spear Phishing: Danger In Familiarity
Facebook Twitter LinkedIn

Spear Phishing: Danger In Familiarity

Ragnar Sigurðsson
4 min read ∙ May 15, 2019

Spear phishing is a specific cyber-attack aimed at an individual or individuals that are associated with an organisation.

The US Federal Bureau of Investigation (FBI) gave the following example: “Customers of a telecommunications firm received an e-mail recently explaining a problem with their latest order. They were asked to go to the company website, via a link in the e-mail, to provide personal information—like their birthdates and Social Security numbers. But both the e-mail and the website where bogus.”

The key to spear phishing is that the criminal knows something about the recipient. In the FBI’s example, the criminal knows that the recipients were customers of a telecommunications company. It’s that small piece of information lends credibility to the scam.

The Dangers of Spear Phishing

Imagine your staff getting an email from a criminal that says they would like to place an order at your restaurant. The email includes a word document with instructions to enable editing, and therefore open the floodgates for malware. This is exactly what happened at the restaurant chain Chipotle when millions of customers’ credit card numbers were stolen.

Spear phishing attacks differ from phishing attacks in that they are targeted to a specific group. In a traditional phishing attack, there is no information that shows that the sender knows who they’re reaching out to.

How To Prevent Spear Phishing

Educate and train employees

Education is the most important way to prevent spear phishing in your business. Teach your staff what to look for and make sure that they understand the dangers of spear phishing.

Here are some of the guidelines that you can teach your employees to prevent spear phishing: 

  • Simply never use links in emails
    Teach your employees to never click a link in an email. If a bank, or even your own company, requests that they log in or make changes, they should go to their browser and type in the URL themselves.
  • Verify URLs
    Every hotlink in an email or even on a website redirects to someplace else. Teach employees to look at the URL more than once before clicking anything. One of the tricks that criminals use is to create a close approximation of a domain. For example, to trick someone into clicking a page, they will change to The name is close enough to trick someone who is not reading closely.
  • Never give out personal data
    One simple rule to institute is to tell employees to never share any information like passwords or account numbers. Unless they are instructed to do so by management, they should never share any information. Moreover, they should never share it via email or any other electronic medium. Anything typed into a computer connected to the internet is susceptible to having information stolen.
  • Be careful with social media
    The more information that employees put on social media, the easier it can be for criminals to spear phish them. Criminals can use online information to increase confidence in the recipients.

Spear Phishing Prevention With Software

 There are several steps that you can take using software that can protect your company.

  • Keep your software up-to-date
    Spear phishing relies on malware to infect your system. By having the most recent patches and security software, you can minimize the risk of the malware if it arrives.
  • Antiviruses
    Antivirus software is, and always will be, a necessity. Look for software that scans and updates itself constantly. It could prevent malware from getting a foothold on your server.
  • Encrypt sensitive data
    File and data encryption is a great way to keep spear phishers from being able to use the data. All of the sensitive data on your network should be encrypted. This keeps any data that a criminal receives from being useful for anything.
  • Multi-factor authentication
    If someone asks for an employee’s password, but there are multiple layers of protection, the password is useless. For example, if your system is protected with passwords and bio-metrics, a password is useless on its own.

Staying Safe From Spear Phishing

All spear phishing is based on human behavior. Therefore, the best way to make sure that your system stays safe from spear phishing is to teach your staff what to avoid.

The technological solutions are powerful, but education and security awareness training are the most important elements.

Ragnar Sigurðsson
4 min read ∙ May 15, 2019

Become cyber secure

You and your employees are going to love AwareGO. It’s a modern, cloud-based system for managing human risk, from assessment to remediation. We’ve made it super easy — schedule your first assessment or training in minutes.

Get started for free and give it a go right now.

You’ll love the way AwareGO can fit into your existing infrastructure. Our robust APIs, widgets, and content available in SCORM format make sure that the integration is seamless. We also integrate with Active Directory, Google Workspace, and popular tools like Slack and Teams.

Contact us and our experts will recommend the best way to integrate.

Upgrade your cybersecurity business by adding human risk management to your existing portfolio of services. Increase your deal size by leveraging Human Risk Assessment or offering Security Awareness Training to your current customers and creating a new revenue stream.

Contact us to become an AwareGO partner, and we will support you every step of the way.

Join top companies worldwide in the mission to make workplaces cyber-safe

Get started free
blank blank blank blank blank blank blank blank blank blank