What is Spear Phishing?
Spear Phishing is a more sophisticated type of Phishing and is an increasing threat to businesses. It typically targets CEO’s and employees responsible for finance, such as financial controllers or accounts payable.
Cyber criminals research email addresses via company websites, and social media sites like Linked In for those they want to target in the appropriate roles.
They then send them an email, posing as someone more senior and with authority for money transfers, such as the CEO or Finance Director.
They keep the emails brief and ask for amounts of money to be transferred to accounts, giving false reasons.
It’s easy to think ‘surely no one falls for that’ but sadly they do. Every day, large amounts of money are successfully transferred out of businesses and into criminal bank accounts.
What to look out for?
Always check the email address carefully. Look out for double letters that are easy to miss. It is very easy to set up a bogus email address and pretend to be someone you’re not.
A typical example is double i’s or s’s
They take advantage of the fact that we rarely verify email addresses.
What else can you do?
Ensure that there is a secondary signature required for adhoc bank transfers, or those over a certain limit. It adds another layer of security to the process which could raise alarms before any money is sent.