Business Resource Center

The resource center provides you with access to tools and information to help you best manage your business. Take advantage of our in-depth content, weekly business columns/blogs, tools, industry solutions, and much more to grow your business.

Technology Tip

Technology Tip
Dave Pelland has extensive experience covering the business use of technology, networking and communications tools by companies of all sizes. Dave's editorial and corporate experience includes more than 10 years editing an electronic technology and communications industry newsletter for a global professional services firm.

Protecting Your Small Business Against Spear-Phishing Attacks

Protecting Your Small Business Against Spear-Phishing Attacks

The security threat caused by phony “phishing” emails that try to trick users into clicking links embedded in messages has evolved into more sophisticated “spear phishing” messages that are personalized and targeted at specific companies and, in many instances, individuals.

Phishing emails, which are typically designed to look like they came from banks or other large companies, are sent to millions of people in the hope a few will click a link and enter their security credentials or download malicious software.

Spear phishing messages take this approach even further with emails that look like they were sent by someone, or a company, you know or do business with. This may be a customer, service provider, or fellow team member.

Because the messages look like they come from someone you know, most people drop their suspicion and take the requested action. In most cases, this prompts them to click a link or, in some cases, to authorize an emergency payment (often by wire transfer) to a vendor that turns out to be a scam.

Targeted Messages

Spear phishing messages are more dangerous than regular phishing emails because they’re targeted to specific users, and often include details that have been harvested from the recipient’s social media accounts.

For instance, a hacker targeting a business user will often check a potential victims LinkedIn account to try to figure out that persons customers and connections, and will include relevant details in their message. This added personalization makes the message seem even more realistic.

For instance, a common scam is for a user to receive a message from a service provider saying their account credentials have been compromised and have to be changed. The message, which will include enough details to be plausible, also contains a link to a fake website designed to capture the genuine user name and password — which the hacker then exploits.

Spear phishing emails are also used to distribute links that cause a victim to download ransomware – malicious software that encrypts a companys data until it pays to regain access to its information.

Anti-Phishing Defenses

Small businesses can take a number of precautions to help reduce the risk of being victimized by a spear-phishing attack.

For instance, it’s important to restrict access to sensitive information to people who absolutely need to have it, and to require two signatures or additional authorizations on transactions above a specific dollar amount. While these are good practices for all companies, their importance is heightened by the phishing threat from hackers.

Other effective measures include:

  • Use two-factor authentication on online accounts. This security method involves a website sending an access code to the phones of authorized users as they log in. Even if a password is compromised, the hacker can’t access the account without the proper credentials and the device that receives the authentication code.
  • Verify email requests by phone or text. If an employee receives a message asking for information or to take an action, a call or text can verify its validity quickly.
  • Install anti-virus and anti-malware software, and keep them up to date.
  • Avoid sharing or re-using passwords. If one account is compromised, using the same credentials over and over compounds the damage.

With some careful precautions, you can help reduce of the risk of your business being victimized by spear-phishing attacks.

Read other technology articles.
Credit card

Lost/Stolen Cards

Debit Cards Call 1-800-554-8969, Credit Cards Call 1-855-325-0903
Discuss (chat)

Contact Us

Call, come in, click. Here are all the ways to reach us.
Paper and Pencil (alternate)

Open an Account

Already know which account is right for you? Start here.