With new high-profile security breaches highlighted on the national news nearly every day, it’s clear that hackers are getting the better of many major companies’ cybersecurity teams. But, surprisingly, the most popular method used to attack security systems isn’t some snazzy new technology. According to the SANS Institute, 95% of all attacks on enterprise systems nowadays are spear-phishing attacks. A major reason for this is that businesses aren’t adequately prepared to identify and prevent sophisticated scams. So, if you’re worried your workforce isn’t savvy enough to sniff out spear-phishing scams, here are a few ways to prepare them.
KNOW THE SIGNS
While regular phishing schemes typically use mass mailings and general targeting to reel in random unsuspecting victims, spear-phishing attacks target specific individuals and employ detailed personal information to make their requests or offers seem authentic. Scammers may even pretend they are someone from your IT department, copying logos and signatures, or mimic the written tone of voice of a loved one or friend, using nicknames and banter.
The majority of these attacks appeal to either fear or greed: warning of a terrible scenario that requires immediate revelation of sensitive information, or offering an incredible, but time-sensitive, bargain or giveaway, prompting an impulsive click of a malicious link.
These cybercriminals usually seek:
- Sensitive data such as credit card info, account numbers, or passwords.
- System access to install malware across multiple devices.
- Confidential information, trade secrets, or insider info.
Keep an eye out for these specific warnings:
- Strange, unrecognizable addresses in the “from” field of an e-mail
- Attached links that you “must” click. (Hover over these to check if they are verified sites that start with https://)
- Requests for you to do something you normally would not do.
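For teams that want to automate the first two checks in a mail-triage script, here is an added example (not part of the original article) that flags an unrecognized sender domain and links whose visible text does not match their real destination. The trusted-domain list, the function names, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED_DOMAINS = {"example.com"}  # assumption: your organization's own mail domains

# Constructed sample message (not a real e-mail).
SAMPLE = """\
From: "IT Help Desk" <helpdesk@examp1e-support.test>
Subject: Password reset required
Content-Type: text/html; charset="utf-8"

<p>Your mailbox is locked. You must click
<a href="http://login.examp1e-support.test/reset">https://portal.example.com/reset</a>
within the hour.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def warning_signs(raw):
    msg = message_from_string(raw)
    findings = []
    # Sign 1: the real address in "From", not the friendly display name.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(f"unrecognized sender domain: {sender_domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target = urlparse(href)
        if target.scheme != "https":
            findings.append(f"link is not https: {href}")
        # Sign 2: what "hovering" reveals -- shown domain vs. actual destination.
        shown = None if " " in text else urlparse(text if "://" in text else "//" + text).hostname
        if shown and "." in shown and shown != target.hostname:
            findings.append(f"link text shows {shown} but goes to {target.hostname}")
    return findings
```

An https:// prefix only means the connection is encrypted, which is why the script also compares the domain shown in the link text with the domain the link actually opens.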
PRACTICE PERSONAL PRIVACY
Since hackers often do quite a bit of research before launching a spear-phishing attack, employees with high-level access must recognize they are likely targets. They should be aware that any personal or professional information they share on the company website, through email, or social media can be used by cyber attackers attempting to gain their trust. Ideally, they should limit the amount of personal information they share on these platforms and be wary of suspicious friend requests, followers, and even random interactions in public spaces.
DON’T BE IN A RUSH
Urgency is a common theme in spear-phishing attacks – attackers attempt to rush you to respond before there is time to adequately assess the situation. Alerts, calls, or e-mails about compromised accounts, password resets, or stolen information are best handled calmly, so as not to fall prey to panicked impulses that could take over when an apparent disaster strikes. Practicing how to assess and respond to challenging situations without jumping into action immediately can help prepare you before these moments arise.
Finally, just because you can spot the signs doesn’t mean it’s impossible someone missed something nefarious along the way. With the level of personalization and sophistication employed by today’s cyber attackers, many breaches go unnoticed for long periods of time. It’s essential to conduct regular reviews of your systems and search for signs of a breach, even when everything seems to be going smoothly. Take time to review past emails and other recent communications to determine whether any suspicious signs could have gone unnoticed in the past.
Staying ahead of online scammers may seem like simple work on the surface, but all the checks and balances needed to stay out of trouble take valuable time and effort. If you feel overwhelmed trying to tackle cybersecurity challenges while also running your business, contact Haselkorn Inc. today.