Posted in: Information security, Latest News & Views
Finance employees typically have access to some of their companies’ most valuable information. That makes them a prime target for phishing attacks and other attempts by hackers to steal information.
While a lot of cyber crime still takes place through widespread malware, as hackers become more sophisticated many of their most dangerous attacks are targeted attacks — that is, attacks that are focused on a chosen organization. In those attacks, the criminals know what data they want and create custom malware to exploit specific vulnerabilities.
And it isn’t just large, well-known companies that are being targeted. In the first half of 2012, businesses with fewer than 250 employees were targeted 58 times per day, according to a study from Symantec. In total, 36% of all targeted attacks over those six months were focused on organizations of that size. That was double the percentage of targeted attacks aimed at small businesses in the second half of 2011.
More spear phishing attacks
One common method hackers are using in those attacks: so-called spear phishing. A phishing attack occurs when criminals send emails to people trying to get them to click on a malicious link or reveal some sensitive information. Those messages are often generic and sent to as many recipients as possible.
However, spear phishing is when hackers craft an email for a specific person. And in many businesses, they may be sent to the employees with access to the company’s sensitive financial information.
Here are some tips you can pass along to Finance employees to help avoid spear phishing attacks:
- Never send passwords, Social Security numbers, company or personal financial information, or other confidential data in an email message. Remember that financial institutions, government agencies and other organizations will typically never ask for sensitive information to be sent via email.
- Don’t click on any links — often a URL will be embedded in text with the address of a legitimate site but lead to a fake or malicious site. Navigate to the web page manually instead.
- Read the URL carefully — backwards and forwards. In many spear phishing emails and link that looks legitimate will actually be a slightly misspelled version of the true URL.
FinanceTechNews.com delivers the latest Finance news once a week to the inboxes of over 150,000 Finance professionals.