TOLL FREE: 1 855 TRUE SKY (878 3759)


Read up for news, tips and tricks about budgeting, planning and forecasting.

Spear Phishing

Spear Phishing: Are You An Easy Catch?

Over the last few years, malicious email attacks have become almost commonplace. We see reports on them all the time it seems – people getting conned by attackers pretending to be the bank or the Canada Revenue Agency – but it isn’t just individuals falling victim. Spear phishing schemes are also becoming all too common, putting enterprise-level organizations at significant risk for data breaches and ransomware attacks.

Are you an easy catch?

Email phishing is characterized by an attacker sending out a mass email from what looks like a legitimate (and often highly recognizable) source. Such emails request responses containing personal information which is then used by the attacker or include malicious hyperlinks that can easily drop a virus onto the user’s computer or device.

Spear phishing is even more problematic. While it follows the same general description, it is usually far more targeted and personal, with the attacker going after a much smaller group of people or even a single individual. What makes it so problematic is the level of personalization. Attackers do their homework before sending these spear phishing emails, gathering what they need to make those emails seem even more legitimate.

What information are these cyber criminals using and where are they getting it?

Social media has become the ultimate archive for cyber criminals looking to gather information on potential targets. Facebook, Twitter, or LinkedIn, for example, can provide these attackers with everything they need to make an individual think they’re talking to someone they actually know or that is legitimate.

Here are two critical things that you should never discuss on your social networks, or should remove right away if it is currently listed:

  1. Any password-related information. If you use a birthday, an anniversary, an address, even a child’s or pet’s name for a password, make sure that information can’t be found online. Even the most harmless posts containing this info can be taken advantage of by hackers.
  2. Your phone number. Yes, we understand that this is somewhat difficult at the enterprise level as, depending on your position, this information would be used for work purposes. However, try to limit it as much as possible. This could be as easy as sharing the company’s main line but ensuring your extension isn’t listed. Why? More and more criminals are calling targeted employees and simply asking for information or even pretending they are from the IT department and need to reset passwords.

Unfortunately, email phishing/spear phishing schemes are just getting worse and worse. As we beef up our spam protection systems, the criminals also beef up their own attack protocols. All you can do is ensure that your behaviour isn’t making it easy for those criminals. Protect yourself and your information.

True Sky simplifies the budgeting process for companies using Excel. Get in touch today by calling 1-855-878-3759 or emailing