Spear Phishing: A Cyber Attack Businesses Should Watch Out For

What is Spear Phishing? 

Spear phishing is a type of scam that typically uses email to target an individual within an organization. The goal is usually to get the user to perform a task that can cause data or financial loss. For example, the attacker may ask the user to initiate a wire transfer.

Phishing vs. Spear Phishing  

While you may be aware of what a typical phishing scam looks like, spear phishing takes it a step further by specifically targeting your company, often using prior research. Attackers may impersonate individuals within your company, such as the CEO or CFO. They can even go as far as creating an e-mail domain that looks very similar to your company’s e-mail domain.

The main difference between a standard phishing attack and a spear phishing attack is the intended targets. Think of a phishing attack as casting a wide net. Bad actors will typically use this scam to go after as many targets as possible. For example, they could impersonate a utility company, an online store, or a streaming service. You’ve probably seen a spam email (or ten) that employs this tactic.

Spear phishing, by contrast, has a narrower audience in mind. Attackers may target a specific company, a team within a company, or even a single individual. Scammers can scrape data about companies from their websites, social media accounts, or news articles about the company. They can then use these details, like the name of a CEO, in an email to make it sound more legitimate.

Why Should Businesses Be Aware of Spear Phishing? 

Targeted cyber attacks, such as spear phishing, can end up costing companies millions of dollars and expose customer records. With email being a constant form of communication in businesses today, anyone within your company who has an email address could be the target of a spear phishing attempt. As a business owner, you should educate your employees on what to watch for in order to catch a spam email, as well as what the company procedure is if they think they have received a spear phishing email.


How to Spot a Phishing Email 

 A spear phishing email can be hard to catch for many reasons. Here are a few things that are common in a spear phishing email that you should be aware of:

  • Urgency – Typically the person sending the email will insist that the action needs to be done immediately. They may say that they are in a meeting, or that they are busy and cannot do it themselves.
  • Requesting to only use email – If the sender requests that you do not call with questions, this should be a red flag for you. Spear phishing relies on impersonation through email. A good practice is to always confirm with the person involved by either having a face-to-face conversation or calling them on the phone.
  • Pay attention to details – Fake email domains that look similar to the ones your company uses may be used. Look for variations like different spellings.
  • Always be suspicious of links and attachments – Be cautious when downloading attachments from emails. Hover over links to see the destination before clicking on them.

Phishing Awareness Employee Training  

Are your employees trained to recognize what a phishing attempt could look like? Since your employees likely open and read emails every day, employee training on how to spot and report a phishing attempt is critical. Educate your employees on how a phishing attempt could harm your organization, and share examples of what an attempt could look like. You can even create simulated phishing campaigns. It is important to repeat this training throughout the year, as well as when you have new members join the team.

Is Phishing Covered by Cyber Insurance? 

What do cyber insurance policies cover? Business owners should check their specific cyber policies to see if phishing is covered. Some policies may have specific terms that must be met in order for a phishing attempt to be covered. If you find that your current cyber policy does not cover phishing fraud, reach out to your local insurance agent to see if you can obtain additional coverage.  


Cyber Insurance Quotes for Businesses 

Not having cyber insurance could put your business at risk. Requesting a cyber insurance quote for your business is as simple as filling out our form here. At Cross Insurance, we work with many insurance carriers, from local companies to national names. If you prefer to call someone to start the quoting process, you can find a list of our offices as well as phone numbers here.

What is Typically Covered by Cyber Insurance? 

While you may find that a number of cyber policies seem like they have comparable coverages, not all cyber coverage plans are designed the same. Some common things that Cyber Liability insurance will typically cover are:

  • Legal fees
  • Notifying customers about a data breach
  • Recovery of compromised data
  • Repair for damaged computer systems

Recap 

Spear phishing targets individuals within a specific company to get them to perform a task that may cause data or financial loss. Attackers can craft convincing emails using information about your company that they can find online. A cyber attack could cost a business millions of dollars, as well as expose company records. In addition to having a cyber insurance policy in place, companies should also be training their employees on a regular basis on how to detect a spear phishing attempt.

 

___________________________________________________________________

This article is for general informational purposes only and is not to be relied upon or used for any particular purpose. Cross Insurance shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal, insurance, accounting or other professional advice, nor shall it serve as a substitute for the recipient obtaining such advice. The views expressed in this article are that of its author and do not necessarily represent the views of Cross Financial Corp. and its subsidiaries and affiliates (“Cross Insurance”) or Cross Insurance’s management or shareholders.
