What you should do after a spear phishing attack

By Veriato Team

We all know information security is complicated and multi-faceted. You have plans to defend against countless types of attacks and threats, but the risk is still there. Spear phishing is a common threat, and your organization should have a plan for how to respond to this type of attack.

What is spear phishing?

Spear phishing is an individually targeted email attack with the intent of gaining access to personal or sensitive information. Often, the spear phisher will send an email from a seemingly trusted website or from someone you think is in your contacts list. For example, a popular spear phishing scheme involves posing as a bank and asking for your bank account information for verification, or posing as a coworker and asking for access to certain online documents.

Immediate steps after an attack

Spear phishing has become extremely sophisticated, and even educated employees can be susceptible. If you realize you’ve been attacked, report the incident immediately. Your IT team will be able to isolate the damage and help you protect your identity. Additionally, they will be able to spread the word so other employees don’t fall for the same scheme.

You should immediately increase your online personal security. Change the passwords for any accounts involved in the attack and enable multifactor authentication (for example, a password plus a security code sent via text). If the personal information stolen was financial, call any companies involved, like your bank or credit card company.

From an IT perspective, you should immediately blacklist the sender(s) to stop them from targeting your organization again from the same address. You should also search systems for unauthorized or suspicious traffic to make sure the spear phisher didn’t steal any network user identifications and isn’t now able to access your organization’s data.
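One way to run that search, shown as an added example rather than anything from Veriato: find everyone who actually received mail from the blacklisted sender, then flag their successful logins after delivery from an IP address they had not used before. The log formats, addresses and function names are assumptions, and the sample log lines are constructed.

```python
from datetime import datetime

# Constructed sample logs; the "ISO-time key=value ..." layout is an assumption.
MAIL_LOG = """\
2023-05-02T09:14:07 from=billing@examp1e-bank.test to=alice@corp.test action=delivered
2023-05-02T09:14:09 from=billing@examp1e-bank.test to=bob@corp.test action=delivered
2023-05-02T09:20:31 from=news@vendor.test to=carol@corp.test action=delivered
2023-05-02T11:02:00 from=billing@examp1e-bank.test to=dave@corp.test action=blocked
"""
AUTH_LOG = """\
2023-05-01T08:01:10 user=alice@corp.test ip=10.0.4.21 result=success
2023-05-01T08:03:44 user=bob@corp.test ip=10.0.4.35 result=success
2023-05-02T09:41:52 user=alice@corp.test ip=203.0.113.50 result=success
2023-05-02T10:05:13 user=bob@corp.test ip=10.0.4.35 result=success
2023-05-02T10:30:00 user=carol@corp.test ip=198.51.100.7 result=success
2023-05-02T11:15:00 user=bob@corp.test ip=203.0.113.50 result=failure
"""

def parse(log):
    """Yield (timestamp, fields) for each log line."""
    for line in log.splitlines():
        ts, *pairs = line.split()
        yield datetime.fromisoformat(ts), dict(p.split("=", 1) for p in pairs)

def recipients_of(sender, mail_log):
    """Map each user who was delivered mail from sender to the first delivery time."""
    first = {}
    for ts, f in parse(mail_log):
        if f["from"].lower() == sender.lower() and f["action"] == "delivered":
            first.setdefault(f["to"], ts)
    return first

def suspicious_logins(sender, mail_log, auth_log):
    """Successful logins by recipients, after delivery, from an IP unseen before it."""
    delivered = recipients_of(sender, mail_log)
    known, hits = {}, []
    for ts, f in sorted(parse(auth_log), key=lambda e: e[0]):
        user, ip = f["user"], f["ip"]
        if f["result"] != "success" or user not in delivered:
            continue
        if ts < delivered[user]:
            known.setdefault(user, set()).add(ip)  # baseline from before the attack
        elif ip not in known.get(user, set()):
            hits.append((user, ip, ts.isoformat()))
    return hits

if __name__ == "__main__":
    for hit in suspicious_logins("billing@examp1e-bank.test", MAIL_LOG, AUTH_LOG):
        print("review login:", *hit)
```

Each flagged login is a lead for the IT team to review, not proof of compromise; a user travelling or on a new network will also appear here.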

Educate and move forward

Spear phishing is very common, and the likelihood it happens to someone in your organization is unfortunately high. If there is an attack, use the experience as an example to educate your employees. Although attacks are increasingly sophisticated, educating your employees on spear phishing and how to detect attacks can still go a long way toward protecting your organization.

Remind your employees that they should always read an email that’s asking them to do something involving personal information two or three times to make sure they have a grasp on the content. And, if it seems even remotely suspicious, they should call the institution the sender is claiming to represent to confirm the email request. While proper education won’t protect against every spear phishing attack, it can go a long way in keeping sensitive information confidential.

Spear phishing is a real concern to both individuals and organizations. If you are targeted, follow these steps to minimize damage and protect both your employees’ and your company’s information.
