An email may look innocent, perhaps from a trusted colleague, and bearing an innocuous subject line. Many people wouldn’t think twice about opening it and clicking on a link inside to a known website or to download a work-related file. Unfortunately, appearances can be deceiving, and that email may be an attempt at spear phishing.

As spear phishing attackers use increasingly sophisticated methods to target organizations around the globe, it’s important to understand how to recognize an attack and how to combat these efforts in the future so that your organization remains unscathed.

Studies continue to show that significant numbers of data breaches are the result of insiders. For example, IBM studied data breaches and discovered 60% were related to the activities of employees. These breaches include both malicious intent as well as simple human error like falling prey to phishing email attacks.

mohamed_hassan / Pixabay

What is Spear Phishing?

Today’s digitally sophisticated society knows to be wary of clicking unknown links or providing personal information in response to unsolicited emails. While traditional phishing emails appear to come from large, well-known companies, spear phishing emails appear to come from someone within the recipient’s own organization. Often, the email contains information or requests that appear to be urgent and legitimate within the context of the recipient’s relationship to the sender.

When the recipient clicks on a link in the email or opens an attachment, malicious code is downloaded onto the recipient’s computer, where it can access confidential information, install a virus that blocks access to files and applications, or corrupts them, making them inoperable. The malware can also use backdoor access to infect the network that the individual’s computer is on, opening the entire organization to data breaches and potential disruption of operations.

Recognizing a Spear Phishing Attack

A spear phishing attack can happen to any organization in any industry – big or small. And, once bitten isn’t necessarily twice shy when it comes to cyber attacks. Moreover, it can be difficult to recognize when a spear phishing attack has taken place. Employees are typically trained how to use computers to do their daily jobs, but they’re not trained as computer security professionals.

HTML in email creates its own tricks to fool email recipients. In an email created in HTML, an actual URL can be “hidden” by other text or images and rendered like a web page. The “hover” feature gives recipients the ability to see what is underneath a displayed link; however, there are still some additional indications that an email may not be as innocent as it looks.

  • Email contacts include the actual email address as well as an optional Contact Name or alias. However, many email applications may only display one or the other in simple format. The full email address ([email protected]) should match its “alias” (John Doe).
  • The email displays a familiar email address as the Contact Name but the actual email address in simple view does not match. (e.g. “[email protected]” <[email protected]>)
  • The email displays a familiar alias (John Doe), but the full email address in the simple view does not match the sender ([email protected]).
  • The email contains only a link or attachment and little or no other content or signature.
  • Subject lines or text within the body might convey urgency or that the content was previously requested (e.g. “Here’s that data you asked for”, “Please review for accuracy” or “Time sensitive”)

Combatting Spear Phishing

There are a number of strategies healthcare organizations and their employees can implement to reduce spear phishing.

  1. Take advantage of user analytics that can help identify behavior-based weak points so that security strategies can be designed around them.
  2. Ensure that anti-malware and antivirus programs are up to date.
  3. Restrict remote access to data or set up a Virtual Private Network (VPN) for work-from-home employees, with authentication requirements and encrypted data.
  4. Educate employees to scrutinize the sender’s address, links and attachments for anomalies.
  5. Notify network security or IT personnel of any suspicious emails.
  6. Delete suspicious emails immediately and then empty the email trash folder.
  7. Notify the “spoofed” sender that their email address has been compromised.

Because attackers are employing increasingly sophisticated methods to avoid detection, organizations should devote additional IT resources to cyber security and incorporate ongoing employee education to fight spear phishing. Such training should not be limited to lower-level employees and managers, but should be required at every level of the organization, including the c-suite. Executive level buy-in and support is critical to creating a security culture necessary for safeguarding sensitive data.

A version of this article originally appeared here.