Businesses are under constant attack. It seems that every week there are news headlines of another breach affecting millions of people. A large breach can cost a company millions of dollars — not to mention the cost to a good reputation (which you can’t put a price on).
While spear phishing is unique in that it is highly customized to the recipient to increase the chance of exploitation, the defenses against spear phishing are similar. If a user gets a suspicious email, they should call the sender and verify they sent it. Users should always avoid sending confidential information over email. Because spear phishing attempts to imitate legitimate users, it is typically very easy to verify if an email is legitimate by simply calling the apparent sender.
IT staff at CBE takes security of our data very seriously. All staff is trained to be very diligent in his or her awareness of email received and if it doesn’t seem right, there are processes in place to report it.
Review the following tips to help avoid becoming a victim of phishing attacks:
- Never provide personal or financial information in a response to an email request, no matter who appears to have sent it
- If you receive an email message that seems suspicious, call the person or organization listed in the “From” line before you respond or open any attached files
- Never click links in an email message that requests personal or financial information
- Report any email that you suspect might be a spear phishing campaign to your IT Team
This blog post was authored by CBE’s Security Team.