Don’t Be Caught by the Spear Phishermen

Don’t be caught by the Spear Phishermen

I think we’re all pretty horrified by the news this week that top athletes have had their personal medical data released by hackers who were allowed to break into the files of the World Anti-Doping Agency (Wada).

It’s impacted on the likes of Sir Bradley Wiggins, Chris Froome and multi-Olympic gold medal winning US athlete Simone Biles.

We’re getting quite used to such things, but it all seems that much more despicable when it relates to such deeply personal material as medical data.

We have come a long way in educating people generally about the methods criminals will use to get hold of their logins and other confidential details and many people now will be familiar with the term ‘phishing’ – the practice of sending out millions of emails pretending to be something they’re not in order to get users to unwittingly give up information.

What’s less well known is the variant of that practice known as ‘spear phishing’, which is believed by Wada to have been used here. As the name suggests, it’s a more targeted approach.

Instead of casting the net wide with, say, a generic email pretending to be from your bank, in the hope that enough people will fall for it and give up their details, a spear phishing attack homes in on an individual or specific organisation from the start.

It’s particularly dangerous because it’s engineered to be convincing in those specific circumstances. The attacker is likely to have done some research. So, for instance, an email or phone call from the criminal might refer to something or someone familiar to the person they’re approaching. They might even have found some personal details on their target, such as their favourite football team or coffee shop – much of which people will reveal through every day social media use. It gives a ring of truth to the enquiry that might just tip someone over the edge into revealing something they otherwise might not.

This approach relies even more heavily on psychology and human nature – if it’s convincing enough the target might feel rude (or even be in fear for their career) if they don’t comply with what might be a bona fide request.

It would be very easy to point the finger at Wada – though to some extent that must still happen – but these carefully engineered attacks can be very hard to defend against.

It’s why people, your staff, remain the weakest point in any digital security set up. You can put in all of the hardware and software in the world, but if the staff are not suitably educated on the risks they pose, it’s all for nothing.

The protocols need to be strong, clear and regularly checked and reinforced – whether it’s about keeping door entry codes secret, all the way up to the accounting system and customer database!

It’s something we consult with clients on, helping them to create, promote and enforce good practice among their staff who, in turn, know the risks and consequences of failing to take it all on board. It’s tough, but you can fight back against the ‘spear phishermen’!

The IT Challenge for the Next Generation

Yahoo! breach! proves! we! are! all! targets!

Back to Insights

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Don’t Be Caught by the Spear Phishermen

Don’t be caught by the Spear Phishermen

Uh Oh! You’re at Greater Risk of Malware than Ever Before

Be Careful When Scanning QR Codes – There’s a New Scam Going Around!

Be More Productive with these Microsoft Edge Features

5 Cybersecurity Predictions for 2024 You Should Plan For

Is This the Most Dangerous Phishing Scam Yet?

What is Microsoft Security Copilot? Should You Use it?

The Advantages of Contracting with an IT Company Over Break/Fix Arrangements

Cyber Attacks: Stronger, Faster and More Sophisticated

Online Security: Addressing the Dangers of Browser Extensions

The Little Things that make a Big Difference

Workspaces, a VPN and More – Learn the Newest Microsoft Edge Features

And the award for most common phishing scam goes to…

Examples of How a Data Breach can Cost Your Business for Years

Demystifying Data Encryption: Safeguarding Your Digital World

How Small Businesses Can Approach Workforce Technology Modernisation

Which Ransomware Payment Option is Best? (Hint: None)

Top Data Breaches of 2023: Numbers Hit an All-Time High

Bridging the Trust Gap Between Your Employees and AI

9 Tips for Setting Up AI Rules for Your Staff

Don’t Think Your Business is a Target? Think Again

Gamers Beware! Hackers are Targeting You

This New Search Feature in Edge is a Revolution

The Proactive Advantage: Fortifying Business Resilience through Monitoring

Here’s What’s in Store for the Last Ever Windows ‘Moments’ Update

How Can You Leverage the MS Teams Payment App

Microsoft Wants you to Pay for Updates

11 Ways to Responsibly Get Rid of eWaste at Your Home or Office

Are You Ready for Next-Gen Email Security? (YES!)

Beware of These 2024 Emerging Technology Threats

You’re Not Imagining it, Video Calls ARE Stressful