A new report says small businesses are a spear phishing paradise. According to Barracuda, employees of small businesses were 350 times more likely to receive a social engineering attack than a large business. The report from Barracuda looked at the dates between January 2021 and December 2021.
Social Engineering Attacks
These types of attacks look to gain information or access by hacking the human instead of hacking the device or network. Social engineering can be a myriad of attacks, like phishing, SMSishing, Vishing, tailgating, impersonation, and business email compromise. These attacks typically involve pretending to be someone else to gain your trust so you perform an action the hacker wants you to do.
Spear Phishing Trip
Spear phishing is a specific type of phishing email. These kinds of attacks focus on specific people or departments of an organization. For example, spear phishers may target human resources, the sales team, or the finance and payroll teams. They may also focus on certain individuals, like the presidents or vice presidents, CEOs, administrative assistants, etc. in hopes of tricking them into giving up information or allowing access.
Spear phishers tend to pretend to be someone else. They can pretend to be a coworker or your boss or they will often pretend to be from another company, like Microsoft, Google, or USPS as an example. They may even pretend to be from your IT company or financial institution.
What you can do
Answer these simple questions to minimize your risk to falling victim:
- Do you know the sender, caller, or texter?
- Are they urging you to open an attachment, to click a link, to give them personal or business information, or perform another task for them?
- Did the email, call, or text come outside of expected business hours?
If you answer yes to any of these, try and verify the sender, caller, or texter is legitimate. Don’t become a spear phishing paradise.