Security Alert: Increase in Social Engineering Combined with Spear Phishing

We’ve detailed the seemingly countless varieties of cybersecurity attacks to hit businesses and organizations over the past few years many times in our Fulcrum Group blogmonthly e-newsletters and in our blog (our site specifically geared to technology issues top of mind for executives, business owners and managers).

Phishing vs Spear phishing 300x151 1

November’s almost two million dollar breach of Crowley ISD’s accounting department — originated from a one-two punch of malicious intent known as “social engineering” (the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes) and “spear phishing” (the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information).

Even as complex-sounding as this compromise seems, this type of security breach is completely preventable with the execution of of our most important cybersecurity front-line defenses – education and training of staff!  Here is the recent Fort Worth Star Telegram article detailing how this security compromise occurred.

How You Can Protect Yourself & Your Organization:

  • When it comes to monetary transactions, especially those that exceed certain thresholds, make sure to have a processes in place that include verification and authorization of not only sending monetary transactions, but also modifying account information.
  • Use common sense when it comes to making decisions about how to handle email and phone requests.  If there isn’t a process in place to cover the request, then your initial response should be caution, and involve phone or in-person verification of requests.
  • Educate yourself and your management staff.  A great start is attending one of our two lunchtime events coming up later this month!  The Fulcrum Group is holding 2 lunchtime events around cybersecurity issues as they relate to executives and business owners at the end of February – one luncheon in Dallas, the other in Fort Worth – both will present the same information.  See our Events page for more details and to register.  If you are an executive, you should be familiar with managing this type of security on your organization’s behalf. If you need to know where to start, this luncheon is a great place to learn and get the answers you need from our cybersecurity experts, all over a delicious Ruth’s Chris lunch.