The attack on the @AP Twitter account, which led to a stock market "flash crash" Tuesday, was the latest in a series of hacks called "spear-phishing."
A number of Associated Press employees received an email that appeared to be from a co-worker, but in fact was generated by hackers to fool them into clicking on a malicious link within the email, Slate reports.
As a host of major organizations join the ever-growing list of spear-phishing victims, small businesses will want to be on alert for similar attacks. Here's what you need to know:
What Is Spear-Phishing?
Phishing is a form of hacking that involves malicious emails sent en masse to the general public with generic invitations like "click this link."
Spear-phishing is more specifically targeted and far more sophisticated.
A spear-phishing attempt will typically target employees at a single business, and will tailor its attack by adding personal touches that make the email seem like it came from within the company, The Atlantic explains.
Although these attacks may be harder to spot, there are some telltale signs, such as:
- Weird email addresses. The email may say it's from your co-worker, but the email address may be from an unknown account. Or, the sender of the email may not match the name of the person who signed it, as seen in the spear-phishing attack on the AP.
- Vague subject lines. Any email you receive from a co-worker that simply says "news" or "update" should be deemed suspicious.
- Asking for personal information. Financial agencies and other organizations will not ask for credit card or other personal information via email, Mashable reminds us.
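The three signs above can be checked mechanically on a raw message. The sketch below is an added example, not part of the original article. It assumes a hypothetical staff directory (STAFF), a constructed list of personal-information terms, and constructed sample messages on the reserved example.com and example.net domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: a staff directory and constructed term lists.
STAFF = {"alice jones": "alice.jones@example.com",
         "carol smith": "carol.smith@example.com"}
VAGUE_SUBJECTS = {"news", "update"}          # the two examples named above
PERSONAL_INFO = ("credit card", "password", "social security")  # constructed

def body_text(msg):
    """Return the first text/plain part as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            return data.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def warning_signs(raw):
    """List which of the article's telltale signs a raw message shows."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.lower()
    body = body_text(msg)
    lines = [ln.strip().lower() for ln in body.splitlines() if ln.strip()]
    signer = lines[-1] if lines else ""      # last non-empty line as signature
    signs = []
    if name in STAFF and STAFF[name] != addr:
        signs.append("address-mismatch")     # co-worker name, unknown account
    if signer in STAFF and signer != name:
        signs.append("signer-mismatch")      # sender differs from who signed
    if msg.get("Subject", "").strip().lower() in VAGUE_SUBJECTS:
        signs.append("vague-subject")
    if any(term in body.lower() for term in PERSONAL_INFO):
        signs.append("asks-personal-info")
    return signs

# Constructed sample messages (not real mail).
SUSPICIOUS = ("From: Alice Jones <alice.jones@example.net>\nSubject: News\n\n"
              "Please reply with the company credit card number.\n\nCarol Smith\n")
LEGITIMATE = ("From: Alice Jones <alice.jones@example.com>\n"
              "Subject: Q2 budget review moved\n\nRoom 4 at 10am.\n\nAlice Jones\n")

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, warning_signs(raw))
```

A message that raises none of these flags is not thereby safe; the checks only automate the signs listed here.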
What to Tell Your Employees
Keeping your business safe requires that all employees adhere to a sound online security policy. Business owners may want to instruct their employees to remember a few tips. For example:
- Never open attachments without confirmation. Hackers are adept at attaching normal-looking PDFs containing malicious code that is triggered when the file is opened, according to GCN. Use another email account or phone to confirm that the supposed sender actually sent the email.
- Don't open unsolicited emails. Be wary of unexpected emails from outside the company network. If the sender is someone within your business, verify that the person really did send the email before opening it.
- Don't click links in emails. Again, it's best to confirm them with their senders. An Internet search of the link in question, or of the subject line or text of the email, may also show that it's actually a spear-phishing attempt.