Spear phishing is a type of scam that typically uses email to target an individual within an organization. Typically, the goal of spear phishing is to get users to perform a task that can cause data or financial loss. For example, they may ask the user to initiate a wire transfer.
While you may be aware of what a typical phishing scam, spear phishing takes it another step further by specifically targeting your company- often using prior research. They may impersonate individuals within your company, such as the CEO or CFO. They can even go as far as creating an e-mail domain that looks very similar to your company’s e-mail address.
The main difference between a standard phishing attack and a spear phishing attack is the intended targets. Think of a phishing attack as casting a wide net. Bad actors will typically use this scam to go after as many targets as possible. For example, they could impersonate a utility company, an online store, or a streaming service. You’ve probably seen a spam email (or ten) that employs this tactic.
Spear phishing, to contrast, has a narrower audience in mind. They may target a specific company, a team within a company, or even a single individual. Scammers can scrub data about companies from their websites, social media accounts, or news articles about the company. They can then use these details, like the name of a CEO, in an email to make it sound more legitimate.
Targeted cyber attacks, such as spear phishing, can end up costing companies millions of dollars and expose customer records. With email being a constant form of communication in businesses today, anyone within your company that has an email address could be the target of a spear phishing attempt. As a business owner, you should educate your employees on what to watch for in order to catch a spam email, as well as what the company procedure is if they think they have received a spear phishing email.
A spear phishing email can be hard to catch for many reasons. Here are a few things that are common in a spear phishing email that you should be aware of:
Are your employees trained to recognize what a phishing attempt could look like? Since your employees likely open and read emails every day, employee training on how to spot and report a phishing attempt is critical. Educate your employees on how a phishing attempt could harm your organization, and share examples of what an attempt could look like. You can even create simulated phishing campaigns. It is important to repeat this training throughout the year, as well as when you have new members join the team.
What do cyber insurance policies cover? Business owners should check their specific cyber policies to see if phishing is covered. Some policies may have specific terms that must be met in order for a phishing attempt to be covered. If you find that your current cyber policy does not cover phishing fraud, reach out to your local insurance agent to see if you can obtain additional coverage.
Not having cyber insurance could put your business at risk. Requesting a cyber insurance quote for your business is as simple as filling out our form here. At Cross Insurance, we work with many insurance carriers– from local companies to national names. If you prefer to call someone to start the quoting process, you can find a list of our offices as well as phone numbers here.
While you may find that a number of cyber policies seem like they have comparable coverages, not all cyber coverage plans are designed the same. Some common things that Cyber Liability insurance will typically cover are:
Spear phishing targets individuals within a specific company to perform a task that may cost data or financial loss. They can craft convincing emails using information about your company that they can find online. A cyber attack could cost a business millions of dollars, as well as expose company records. In addition to having a cyber insurance policy in place, companies should also be training their employees on a regular basis on how to detect a spear phishing attempt.
___________________________________________________________________
This article is for general informational purposes only and is not to be relied upon or used for any particular purpose. Cross Insurance shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal, insurance, accounting or other professional advice, nor shall it serve as a substitute for the recipient obtaining such advice. The views expressed in this article are that of its author and do not necessarily represent the views of Cross Financial Corp. and its subsidiaries and affiliates (“Cross Insurance”) or Cross Insurance’s management or shareholders.
We are pleased to announce Michelle Ibarguen, Director of Corporate Relations, was this year’s recipient of the Maine CPCU Society Chapter’s Lee Allen award. The
Insurance for Law Firms and Offices It is important for law firms and offices to have appropriate insurance coverage. The idea of finding coverage and
ATV Insurance for Maine Riders What qualifies as an ATV? Have you ever wondered what qualifies as an ATV? The abbreviation ATV stands for “All-terrain
