HP Tech@Work
Today's trends for tomorrow's business
Complacency Will Cost You: Beware of Spear-Phisphing

Complacency Will Cost You: Beware of Spear-Phisphing

Spear-phishing is on the rise

Imagine spending years developing a product your research says will take the market by storm. Grow your small business into a major player. Rewrite the rules for much larger competitors.
Then comes the email from a potential investor who’s just as interested in your market as you are. All you have to do is click a link to learn more about the opportunity he offers. The email looks legit. You even recognize the venture capital firm this individual represents. All good, right?
Not so fast. Whereas a few years ago, email scams were pretty easy to spot with all of their misspellings and nonsensical offers, today’s online scammers have become much more sophisticated. Not only are they sending out well-crafted messages to cajole unwitting recipients into doing something they shouldn’t, they’re also targeting distinct individuals or particular pieces of information.
Called “spear-phishing,” this sort of attack aims to steal specific details from specific individuals. Most often, hackers disguise themselves as a friend or trusted source (such as your bank) to trick the target into releasing information - which accounts for 91 percent of attacks. The conduit for such attacks is often email but, lately, social sites like Facebook, LinkedIn, Twitter have become involved as well.
For instance, last year, the music streaming service Vevo was hit by a LinkedIn phishing attack that resulted in the exposure of more than 3TB of internal data, some of it highly sensitive. This included, videos, office documents, promotional material, yet to be used social media content, and information about recording artists signed to the participating record companies.
Another spear-phishing attack making the rounds involves a hacker posing as the CEO, president, partner or vendor of a company sending phony invoices to its accounting department. If the accounting department doesn’t catch such scams, they often go undetected. In education, for instance, HP recently met with officials from a school district where hackers stole a superintendent’s credentials. The “bad guys” sent two email invoices to finance posing as this individual, and they were paid $15,000.
While few small businesses disclose when they’ve been attacked, it is highly likely many are victimized by spear-phishing. Why? Well, for one thing, large businesses budget for cybersecurity in ways that small businesses simply cannot.
Hackers prefer soft targets. So they are increasingly going after less fortified small and midsized businesses. In fact, despite evidence to the contrary, 82 percent of small business owners believe they're not targets for attacks because they don't have anything worth stealing, according to Towergate Insurance research.
Yet, many businesses exist because they have a product or service worth selling. It follows, therefore, that they might have something worth stealing. Indeed, the vast majority of targeted attacks (90 percent) involve attempts to gather intelligence from targeted organizations, according to Symantec’s 2018 Internet Security Threat Report.
What’s more, since 99.9 percent of all businesses in the United States are “small,” meaning they have fewer than 500 employees, it follows that hackers would target them.
Indeed, the Securities and Exchange Commission (SEC) says:

Small and midsize businesses (SMBs) are not just targets of cybercrime, they are its principal target. Since the popular press tends to focus on attacks that target the largest firms, it can be easy to overlook the fact that SMBs (small and midsized businesses) are at even greater risk, and are far more vulnerable once they are victimized. In fact, for every high-profile breach, there are many more threats to confidential data held by local businesses.

So, what can you do to keep your business from being victimized by spear-phishing?

One of the easiest ways to prevent your employees from engaging phishing via email or social media is to instigate behavioral changes at work. It should help your staff avoid making the kind of simple mistakes that lead to devastating consequence for your business:
1. Limit interactions to users you can trust
2. Don’t click on links from unverified sources
3. Never download file attachments from social media
4. Enable two-factor authentication on all social media accounts and devices - it’ll make it harder to hack them
5. Give extra training to employees with high-access privileges or social-facing roles
Another essential aspect of your security plan to consider is the technology you’re using to stay cyber resilient. The HP Elite family, for example, has a range of powerful, built-in security features.
One relevant feature is HP Sure Click, which approaches secure browsing differently. Instead of just flagging dangerous sites for users to avoid, it also keeps malware, ransomware and viruses from infecting other browser tabs and the wider system. When a user starts a browsing session, every site visited triggers HP Sure Click.
For example, each time a website is visited, HP Sure Click creates a hardware-based isolated browsing session, which eliminates the ability of one website infecting other tabs or the system itself.
Another way to head off spear-phishing is to look into a Device-as-a-Service (DaaS) offering. This is a modern PC consumption model where companies essentially lease their computing equipment, assuring they always have the latest and most secure gear along with constant, quality service and support.
Spear-phishing isn’t the only cyberattack vector small businesses need to be concerned about, but it is one of the most prevalent. With a modicum of awareness and investment in modern security tools, it is possible to avoid becoming victim to what has become an all-too-common threat.
Related articles:

Disclosure: Our site may get a share of revenue from the sale of the products featured on this page.

Disclaimer

Prices, specifications, availability and terms of offers may change without notice. Price protection, price matching or price guarantees do not apply to Intra-day, Daily Deals or limited-time promotions. Quantity limits may apply to orders, including orders for discounted and promotional items. Despite our best efforts, a small number of items may contain pricing, typography, or photography errors. Correct prices and promotions are validated at the time your order is placed. These terms apply only to products sold by HP.com; reseller offers may vary. Items sold by HP.com are not for immediate resale. Orders that do not comply with HP.com terms, conditions, and limitations may be cancelled. Contract and volume customers not eligible.

HP’s MSRP is subject to discount. HP’s MSRP price is shown as either a stand-alone price or as a strike-through price with a discounted or promotional price also listed. Discounted or promotional pricing is indicated by the presence of an additional higher MSRP strike-through price

The following applies to HP systems with Intel 6th Gen and other future-generation processors on systems shipping with Windows 7, Windows 8, Windows 8.1 or Windows 10 Pro systems downgraded to Windows 7 Professional, Windows 8 Pro, or Windows 8.1: This version of Windows running with the processor or chipsets used in this system has limited support from Microsoft. For more information about Microsoft’s support, please see Microsoft’s Support Lifecycle FAQ at https://support.microsoft.com/lifecycle

Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, Xeon Inside, and Intel Optane are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

In-home warranty is available only on select customizable HP desktop PCs. Need for in-home service is determined by HP support representative. Customer may be required to run system self-test programs or correct reported faults by following advice given over phone. On-site services provided only if issue can't be corrected remotely. Service not available holidays and weekends.

HP will transfer your name and address information, IP address, products ordered and associated costs and other personal information related to processing your application to Bill Me Later®. Bill Me Later will use that data under its privacy policy.

Microsoft Windows 10: Not all features are available in all editions or versions of Windows 10. Systems may require upgraded and/or separately purchased hardware, drivers, software or BIOS update to take full advantage of Windows 10 functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See http://www.microsoft.com.

“Best All In One Printer” and “the easiest printer you’ve ever had to set up” from Wirecutter. ©2020 The Wirecutter, Inc.. All rights reserved. Used under license. https://www.nytimes.com/wirecutter/reviews/best-all-in-one-printer/

Get Marvel’s Avengers when you purchase HP gaming PCs with qualifying 9th gen or 10th gen Intel® Core™ i5, i7 and i9 processors. Redemption code will be sent out by email within 60 days of purchase. Limited quantities and while supply lasts. Offer valid thru 12/31/2020 only while supplies last. We reserve the right to replace titles in the offer for ones of equal or greater value. Certain titles may not be available to all consumers because of age restrictions. The Offer may be changed, cancelled, or suspended at any time, for any reason, without notice, at Intel’s reasonable discretion if its fairness or integrity affected whether due to human or technical error. The Offer sponsor is Intel Corporation, 2200 Mission College Blvd., Santa Clara, CA 95054, USA. To participate you must create an Intel Digital Hub Account, purchase a qualifying product during the redemption period, enter a valid Master Key, and respond to a brief survey. Information you submit is collected, stored, processed, and used on servers in the USA. For more information on offer details, eligibility, restrictions, and our privacy policy, visit https://softwareoffer.intel.com/offer/20Q3-19/terms.

© 2020 MARVEL. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.

The personal information you provide will be used according to the HP Privacy Statement (https://www8.hp.com/us/en/privacy/ww-privacy.html)