Last month, researchers at Fortinet observed a sophisticated phishing email sent to a Hungarian diplomat. In the email, cybercriminals disguised themselves by using the first and last name of an employee in the diplomat’s IT department. In this case, the diplomat believed that the email was suspicious and forwarded it to the actual employee in the IT department for investigation.
This case is a perfect example of a popular attack called spear phishing. Spear phishing attacks are targeted at a single person or department that has information that cybercriminals want. In these attacks, cybercriminals conduct research on the specific person or department and figure out who they talk to frequently. Then, the cybercriminals send a message to the person or department, pretending to be someone they know and trust. It’s important to watch out for these attacks because they can happen to anyone, not just diplomats or executives.
Follow these tips to stay safe from spear phishing attacks:
Don’t open attachments or click on links in emails that you were not expecting.
Check email headers to make sure you recognize the sender and any other recipients.
Reach out to the person who allegedly sent the email by phone or in person. By reaching out to the alleged sender directly, you could save yourself and your organization from a potential spear phishing attack!
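For mail administrators, the header check can also be automated. The script below is an added example, not part of the original bulletin: it flags a message whose display name matches a known employee while the address behind it does not, which is the disguise used in the case above. The directory entry, names and addresses are constructed sample values.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed staff directory (assumption): display name -> genuine address.
DIRECTORY = {"anna kovacs": "anna.kovacs@example.org"}

def domain(addr):
    return addr.rpartition("@")[2].lower()

def check_sender(raw_message, directory=DIRECTORY):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if not addr:
        return ["From header is missing or unparseable"]
    warnings = []
    # Normalise the display name so "Kovacs, Anna" still matches "Anna Kovacs".
    key = " ".join(name.lower().replace(",", " ").split())
    candidates = {key, " ".join(reversed(key.split()))}
    for known_name, known_addr in directory.items():
        if known_name in candidates and addr != known_addr:
            warnings.append(
                f"display name {known_name!r} used with {addr}, expected {known_addr}")
    # Replies routed to a different domain than the sender's are worth a look.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(addr):
        warnings.append(f"Reply-To domain {domain(reply_to)} differs from From domain {domain(addr)}")
    return warnings

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Anna Kovacs" <it-helpdesk@example.net>\n'
    "Reply-To: recovery@example.com\n"
    "To: staff@example.org\n"
    "Subject: Mailbox quota\n\nPlease review the attached form.\n"
)
GENUINE = (
    "From: Anna Kovacs <anna.kovacs@example.org>\n"
    "To: staff@example.org\n"
    "Subject: Maintenance window\n\nServers restart at 22:00.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```

A clean result does not prove a message is genuine, because the From address itself can be forged; confirming with the sender directly is still the deciding step.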
Stop, Look, and Think. Don’t be fooled.
Executive IT Help Security Team