There are a variety of ways cyber attacks and data breaches can happen, a common way is spear phishing. You may be surprised how many people fall for the bait of spear phishing, but with the extensive research hackers use to target a specific audience, you may never suspect you received a phishing email. The spear phisher is able to disguise themselves as a well-known and trusted entity which can cause a company’s confidential information to be obtainable, such as: 

• Customer lists
• Passwords
• Employee information

There are two common methods spear phishers use to be able gain access to this information. One way is for the phishers to direct email recipients to a fake or fraudulent website that has the recipients enter different credentials like passwords or account numbers.  Another way is for the phishing emails to contain links or attachments. When they are clicked malware is downloaded onto the recipient’s computer. The downloaded malware allows the phisher to gain access to sensitive data and passwords.

There are certain “give away” characteristics that can be found in the example email below.

1. The “From:” email address.
   1. In this case, that email alias isn’t how my Office 365 account is listed.
2. OneDrive is never referred to as OneDrive Cloud. It will only be listed as “OneDrive for Business” or “OneDrive Personal”.
3. Microsoft doesn’t notify you about files waiting review.  That’s an internal feature if you share files within your company.
4. “Click*” isn’t a link.
5. There is bad grammar and odd structure throughout the email.
   1. “Goto”
   2. The hyphen in the middle of the “D”
6. There is no Microsoft logo.
7. There is a different color scheme in this email than what is usually used by Microsoft.

There is additional information and tips that can be found on the IRS website that can protect you from cyber attacks like spear phishing.

Contact us if you need more information or have questions about protecting your important information from this dangerous threat!