It goes like this. It’s a regular Tuesday. Things are humming along just fine. Someone you know from your HR department sends an email asking you to look over an attached spreadsheet. Or your supervisor emails you to review an attached Microsoft® Word document. Or a vendor you work with asks you to remit payment and, to make it convenient, provides you with a hyperlink. Nothing raises a red flag. So, you do as instructed. But the emails are fakes. The attachments and hyperlinks just opened up your system to fraud.
This is the new modus operandi of hackers, and the nefarious possibilities are endless. Welcome to corporate spear phishing. It claims new victims every day. In fact, organizations lose about $400 billion a year in intellectual property alone through spear phishing, according to Ondrej Krehel, CEO and founder of LIFARS.
“I think the spear phishing buzzword is out there, but most still believe it’s a myth,” Krehel said. “They think, ‘It’s not going to happen to us. Our people aren’t that silly. The hackers are not sophisticated.’ Believe me, your people will click on it.”