By: Kharmela Mindanao on April 7th, 2022
Spear Phishing Auto Employees’ Info on Social Media (& How to Stop It)
Can all your team members spot spear phishing? If your answer isn’t a resounding yes, you have a security problem in your auto dealership. (In all kinds of businesses, really.)
When cyber security was in its infancy, IT departments regularly warned employees against the dangers of clicking on links in an email from an unknown sender.
But now, the focus of hackers is shifting to spear-phishing on social media.
Where else do you store a mass quantity of personal information with relatively minimal security? Many social media users don’t realize exactly how much information they willingly share online. And this goes for both clients and businesses.
After all, businesses still use social media for marketing purposes or customer communication. Social media pages are also one of the first things clients see when evaluating your products.
And so you must protect this tool from exploitation.
As a Managed IT Service Provider (MSP) in charge of multiple clients’ cyber security, ITS knows how hard it is to protect a company’s network, especially since there are dangerous kinds of phishing scams out there.
But knowing about spear phishing is a solid first step in securing your data.
So in this article, we’ll take a look at:
- What is spear phishing?
- How can you prevent spear phishing?
- How do you minimize the damage of spear phishing?
By improving your cybersecurity knowledge, you can better prepare your employees for attacks against your network.
What is spear phishing?
With the rise of social media comes a new form of attack called spear phishing. While phishing attacks send out multiple emails looking for someone to click on them, spear phishing is targeted.
The cybercriminal spends time online getting to know the target — getting details about their posting habits, where they like to visit, where they work, and their family members — before launching a very targeted attack.
These incursions are often directed at someone close to the person of interest, such as a spouse or significant other. The hacker then creates a special offer that may seem too good to be true. It encourages the target to click through to get more information, and the hacker then uses that new relationship to gather personal information such as login names and passwords.
These details are then used to break into the company networks to hit the mother lode of personal information. By utilizing the target’s personal information, hackers slide under the defenses of the host organization.
Unfortunately, if an auto dealership or any other organization is infiltrated, that company is potentially liable for damages from the attack.
Personally Identifiable Information (PII)
The key targets for many phishing attacks are personally identifiable information (PII) and bank account numbers.
Since businesses have to gather much of this information to complete a sale, they are now prime targets for cybercriminals.
Once a criminal gains access to the organization’s network, they can plow through enormous amounts of data quickly, making it difficult to stop the incursion before the damage is done.
How can you prevent spear phishing?
Fortunately, there are several things you can do to limit the possibility of a cyber attack on your company.
Block Social Media Ads
Tell staff members never to click on social media ads while at work or on any machine or device that can connect to the company network. Request that they have an effective ad blocker installed on the web browser.
Remind Staff About the Sanctity of Information
Remind your teams to never respond to password or user information requests, regardless of where the question comes from. This includes phone, email, social media, and websites.
Constantly Update Security Patches and Passwords
Keep all firewalls, security patches, updates, and network security software up-to-date. Institute an aggressive schedule for updating passwords within your network, and add stringent standards around team member password creation.
While this may not keep spear phishers completely out of your organization, it may slow them down and stop some of them.
Make Team Members Aware of the Dangers of Social Media
Notify staff members of the dangers of having a public profile on social media. While it may be fun to connect with people worldwide, educating your staff about how personally identifiable information is gathered on social media is essential.
Once one individual within your network is compromised, the attack will quickly spread between computers and networks. People tend to trust information from family or a close friend, but it’s important to educate staff that this type of attack is very wily and can fool even the most careful individuals.
How do you minimize the damage of spear phishing?
But what if the worst happens, and a spear-phishing attack succeeds? How do you deal with the aftermath?
Monitor Early Warning Signs
Early warning signals are critical for your business to stay protected even during an attack. Warning signs also limit the duration and extent of the attack. They give you more time to take charge of the situation.
Identify Compromised Information Immediately
Auto dealerships and other organizations must not bury their heads in the sand and ignore a data breach — despite how tempting it can be to ignore the problem. Security holes grow with time and allow hackers to get a foothold in your network.
Have Cyber Liability Insurance
Dealerships and other organizations may also purchase cyber liability insurance to cover the organization’s liability in a widespread cyber attack. Cyber liability insurance will cover most of the damages incurred by a security breach.
Read “6 Things to Prepare for Cyber Insurance, and Why They're Important”
Have a Disaster and Recovery Plan
A disaster and recovery plan is a necessity for your business. You’re not left floundering because you’ve planned ways to deal with the worst-case scenario. Your team will know exactly what to do.
Ready to prevent spear phishing in your business?
You don’t want to deal with the headache of a data breach – nobody does. But by not training employees about the following facts of spear phishing, you’re opening up your business to hackers.
- Spear phishing is a targeted attack where a hacker uses information online to get personal data from the target.
- Preventing spear-phishing through security awareness, ad blocking, and security updates is a business necessity.
- Having a plan for when your business is targeted by spear-phishing will save you a lot of time and stress in the future.
As an MSP in charge of our clients’ cyber security, ITS knows how important it is to have a robust security system. But we also know this – ultimately, protecting your network is a monumental task.
Luckily, there are easy steps you can follow right now to improve your security. Read “5 Cyber Security Tips for Small Businesses” to find out what you can do immediately to protect your company.