{"id":373,"date":"2021-04-08T18:13:23","date_gmt":"2021-04-08T17:13:23","guid":{"rendered":"http:\/\/sawted.com\/sawted\/?p=373"},"modified":"2021-04-08T18:36:56","modified_gmt":"2021-04-08T17:36:56","slug":"%ef%bb%bfhow-are-your-defences-against-spear-phishing","status":"publish","type":"post","link":"https:\/\/sawted.com\/sawted\/%ef%bb%bfhow-are-your-defences-against-spear-phishing\/","title":{"rendered":"\ufeffHow are your defences against spear-phishing?"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"850\" height=\"400\" src=\"https:\/\/sawted.com\/sawted\/wp-content\/uploads\/spearphising.gif\" alt=\"\" class=\"wp-image-375\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Let us look more closely at phishing or, more specifically, <a href=\"https:\/\/phoenixnap.com\/blog\/wp-content\/uploads\/2019\/01\/how-spear-phishing-works.png\" target=\"_blank\" rel=\"noopener\">spear-phishing<\/a>, what it is and how the fraudsters trick you into clicking on a link or downloading an email attachment. Most common phishing attacks are blocked by your internet service providers, anti-virus software and software providers. But spear-phishing is a little different, and these emails are far more likely to evade your hardware and software defences and appear in your inbox. In case you think clubs are not a target, remember that you have both staff and many members, providing a broad attack surface.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p class=\"wp-block-paragraph\">Small businesses are subjected to over\n65,000 phishing emails a day, with one success every 19 seconds. Fraudsters are\nbecoming ever more sophisticated. They carefully research their intended\nvictims so they can make any email look genuine. Some even find out your family\u2019s,\nfriends\u2019 and pets\u2019 names, what your interests are, and where you go on holiday.\nThey may take months to gather such information, so they know a lot about you. 
Then\nthe fraudster uses all kinds of psychological means to trick you. He may place\nyou under time pressure, tell you how to secure a substantial government or\ncouncil grant or frighten you by saying you have not paid a fine. It may be an\nemail that looks as if it has come from one of your suppliers or members. Fraudsters\u2019\ncampaigns are targeted. They want to trick or con you into reacting. Once you\nhave clicked on a link or downloaded an attachment, the fraudsters have you speared,\nhence the term spear-phishing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As a manager, you will be aware of the\nissues and attempt to instil a cautious attitude to emails in your staff. But, genuine\nmistakes will happen, and when they happen, any malware may spread laterally to\nall systems in the club\u2019s network. Recovery from a failure costs money, takes\ntime and damages the club\u2019s reputation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While we know that we should be wary about clicking\non a link or downloading an attachment, some are genuine and needed for our jobs.\nDistinguishing the bad from the good is a skill in its own right. Technology\ncan help to an extent but cannot safeguard you against everything. Here are\nthree simple <strong>human-related defences<\/strong> against phishing attacks.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Double-check who the email is\nfrom. The email header may say it is from John Smith, but when you check the\nsender\u2019s actual address, you see that it is from someone or somewhere\ncompletely different. Your spam filters will not necessarily stop them all, so\nit is always a good idea to \u201ccheck before you click\u201d.<\/li><li>Some links are incorporated\nwithin the text of the message. For instance, click here to find out\nmore, or click here to get the latest report. To check it out, let the\ncursor hover over the link but do not click the mouse. The full address will be\ndisplayed. Do you know it? 
Is the link secure (https:\/\/&#8230;)? Does it look\nsensible? <\/li><li>Check if any link address given\nin full looks genuine. For example, <a href=\"https:\/\/www.hmrc-refund.com\" target=\"_blank\" rel=\"noopener\">https:\/\/www.hmrc-refund.com<\/a>\nis not a safe address as all UK government addresses will end in .gov.uk.\nHowever, <a href=\"https:\/\/www.refund.HRMC.gov.uk\" target=\"_blank\" rel=\"noopener\">https:\/\/www.refund.HRMC.gov.uk<\/a>\nis a subdomain of HMRC and is genuine. It is also possible that a link that\nlooks good, such as <a href=\"https:\/\/www.thegolfclubsecretary.co.uk\" target=\"_blank\" rel=\"noopener\">https:\/\/www.hmrc.gov.uk<\/a>,\nis hiding a different address. Hover over it, and you will see it reveals a\ndifferent destination!<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\n\n\n\n\n\nDefending against these phishing threats\ninvolves making people aware of the risks and giving them the knowledge and\ntools to protect themselves. The trouble is that people may be diligent in\nchecking emails after training but will revert to old habits over time.\nConsequently, an ongoing testing and education programme is needed for you and\nyour staff to become a human firewall against phishing attacks.\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let us look more closely at phishing or, more specifically, spear-phishing, what it is and how the fraudsters trick you into clicking on a link or downloading an email attachment. Most common phishing attacks are blocked by your internet service providers, anti-virus software and software providers. 
But spear-phishing is a little different, and these emails [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-373","post","type-post","status-publish","format-standard","hentry","category-cyber-security"],"_links":{"self":[{"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/posts\/373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/comments?post=373"}],"version-history":[{"count":3,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/posts\/373\/revisions"}],"predecessor-version":[{"id":378,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/posts\/373\/revisions\/378"}],"wp:attachment":[{"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/media?parent=373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/categories?post=373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/tags?post=373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}