The United States Department of Homeland Security (USDHS) in collaboration with the tech industry has dubbed the month of October “National Cybersecurity Awareness Month” (NCSAM). For the year 2019, the theme is “Own IT. Secure IT. Protect IT.” This comes near the end of a year that has seen a whole host of evolving cybersecurity threats; not the least of which being spearphishing.
What is Spearphishing?
You may have heard the term “phishing” in recent years. The phishing method is a type of electronic fraud designed to fool internet or phone users into revealing personal information. The phisher (i.e. the attacker) usually sends an email, a text message, or a direct message (DM) that has been crafted to look legitimate. This is done to earn the target’s trust or motivate him or her to click on a malicious web link or open a malicious attachment. The phishing attack takes many forms, and according to the Anti-Phishing Working Group, there were 1,220,523 unique phishing attacks that occurred between January 2018 and March 2018 alone.
The spear-phishing method is essentially phishing taken to the next level. Where conventional phishing may target a large group indiscriminately, spear-phishing will target an individual carefully and deliberately. These fraudulent messages may refer to the target (you) by name. They may include names of people you know personally or they might use recognizable logos in order to seem innocuous. The spear-phishing effort itself may be surprisingly well-researched: leveraging public information about the target that might be collected through social media. Overall, the message will be custom-tailored to lure a specific individual or an organization.
Health care providers have been especially hard-hit; as physicians are focused on helping patients. And even though medical institutions have the option of implementing mandatory cybersecurity training programs for high-risk employees; research published in 2019 shows this strategy alone is probably insufficient. For now, it would seem the reliable anti-phishing solution will be software-based.
Simple Ways You Can Protect Yourself
So how can you protect yourself online?
Among other things, the USDHS recommends that you use strong (non-guessable) passwords. Additionally, using two-factor authentication (2FA) and multifactor authentication (MFA) online can repel many attacks in ways that ordinary passwords cannot.
In terms of repelling phishing and spear-phishing attacks, experts within the USDHS recommend some basic precautions when dealing with online communications:
1. “Don’t just click on links.” Instead, inspect the link to see where it is directed or avoid using the link altogether.
2. Be careful about opening attachments. And if you don’t know where the email came from, don’t open the attachment.
3. Be careful with your information. Be suspicious of messages asking you for your personal information, your banking information, or something similar.
And as I often say, always use your preferred anti-malware tool to scan anything you download off the internet; even if it’s from a trusted source.
References
| [1] | National Initiative for Cybersecurity Careers and Studies, “National Cybersecurity Awareness Month 2019,” United States Department of Homeland Security, [Online]. Available: https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019. [Accessed 9 Oct. 2019]. |
| [2] | S. Chanti and T. Chithralekha, “Classification of anti-phishing solutions,” SN Computer Science, vol. 1, no. 1, 2019. |
| [3] | Anti-Phishing Working Group, “Phishing Activity Trends Report,” Anti-Phishing Working Group, 2018. |
| [4] | K. Sukel, “Spearphishing: A new cyber threat to prepare for,” Medical Economics, vol. 96, no. 4, pp. 35-37, 2019. |
| [5] | W. J. Gordon, A. Wright, R. J. Glynn and et. al., “Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system,” Journal of the American Medical Informatics Association, vol. 26, no. 6, pp. 547-552, 2019. |
| [6] | U.S. Department of Homeland Security, “Cyber Tip: Become Cyber Savvy…Protect Against Phishing Attacks,” U.S. Department of Homeland Security, [Online]. Available: https://www.dhs.gov/science-and-technology/cyber-tip-become-cyber-savvyprotect-against-phishing-attacks. [Accessed 9 Oct. 2019]. |
Important Notice: This article and its contents (the “Information”) belong to Unboxing-tomorrow.com and Voxidyne Media LLC. No license is granted for the use of it other than for information purposes. No license of any intellectual property rights is granted. The Information is subject to change without notice. The Information supplied is believed to be accurate, but Voxidyne Media LLC assumes no responsibility for its accuracy or completeness, any error in or omission from it or for any use made of it. Liability for loss or damage resulting from any reliance on the Information or use of it (including liability resulting from negligence or where Voxidyne Media LLC was aware of the possibility of such loss or damage arising) is excluded.
