Best Practices to Avoid Spear Phishing Attacks
- Limit sharing personal information in mail forums or any other social media platforms. The more personal details you share, the easier it is for cyber attackers to craft a spear phishing email that appears relevant and genuine.
- Verify the source of the mail if you receive an email that asks you to open an attachment, click on a link, or provide sensitive information. If the email appears to come from a company or a person you know, cross-check it against the contact details you already have on file, and contact the sender to verify that the sender is genuine.
- Support your organization’s security efforts by following the appropriate security policies and making use of the security tools that are available, such as antivirus, encryption and patching.
- Always remember that technology cannot filter and stop all email attacks, especially spear phishing emails. If an email seems a bit odd at first sight, read it carefully. If you are concerned that you may have received a spear phishing email or fallen victim to a spear phishing attack, contact the help desk or information security team immediately.
- Employers should train staff to make them aware of company policies regarding communication and security.
The adoption of proper security measures will reduce the chances of such attacks occurring. Technical solutions can only help identify malicious e-mails. Proper training can help keep employees from falling prey to social engineering schemes or legitimate-looking e-mails. Government agencies and security companies are the most targeted by spear phishing attacks, which shows that, regardless of the magnitude of the technical security solutions employed, the actions of even just one unaware user can be potentially disruptive.