Skip to main content

Tag: email

Spear Phishing E-Mails: my email was hacked!

Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear-phishing attempts are not typically initiated by random hackers, but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.

No, your email was not hacked. You are a target of a spear phishing attack. If you and your team are well trained and aware of this, there is nothing to worry about.

This is how it works:  you receive an email from your boss or a high-ranking person in your company asking you to prepare a wire-transfer, or to purchase 100 Apple Music Gift Cards. The email looks legitimate, his signature is on the email, sometimes with your company logo. It looks legitimate but your Spidey senses go up and your reply asking him/her to confirm. They replay saying “Yes, and do it now!”  Only it is a spear phishing attack!

Cybercriminals using spear phishing will research their targets: going to the company website to find out who is in charge and who oversees the money (Accounting, Finance Dept., etc.)  They will go to Linked-In to get your logo, find out titles, co-workers, email formats, etc.  Once they have a good idea of your company, mostly from free and open to the public sources, they will craft a bogus email, usually from an open email provider like gmail or yahoo, or from a hacked domain like, and send the email. They will disguise the sender’s email with the boss’ name, knowing that the majority of people do not check the actual email or have a setting on their webmail to only show the name of the sender.

Many times, government-sponsored hackers and hacktivists are behind these attacks. Cybercriminals do the same with the intention to resell confidential data to governments and private companies, or just for immediate financial gain. These cybercriminals employ individually designed approaches and social engineering techniques to effectively personalize messages and websites. As a result, even high-ranking targets within organizations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cybercriminals to steal the data they need in order to attack their networks.

Phishing vs. Spear phishing vs. Whaling

This familiarity is what sets spear phishing apart from regular phishing attacks. Phishing emails are typically sent by a known contact or organization. These include a malicious link or attachment that installs malware on the target’s device, or directs the target to a malicious website that is set up to trick them into giving sensitive information like passwords, account information or credit card information.

Spearphishing has the same goal as normal phishing, but the attacker first gathers information about the intended target. This information is used to personalize the spear-phishing attack. Instead of sending the phishing emails to a large group of people, the attacker targets a select group or an individual. By limiting the targets, it’s easier to include personal information — like the target’s first name or job title — and make the malicious emails seem more trustworthy.

The same personalized technique is used in whaling attacks, as well. A whaling attack is a spear-phishing attack directed specifically at high-profile targets like C-level executives, politicians and celebrities. Whaling attacks are also customized to the target and use the same social-engineering, email-spoofing and content-spoofing methods to access sensitive data.

What you can do

All the technology in the world is not a substitute for the human brain.  If it looks suspicious, it probably is.  If you get a spear phishing email, pick up the phone and call your boss asking to confirm the unusual request.  Check the actual email address that sent it to you.  Is it the correct one or is it a random domain like ?

Finally, there are some technology solutions that can help.  Setting up DMARC records in your DNS to verify that the sender’s email server is indeed who they say they are, setting up rules to identify in the email message subject that it came from an outside organization instead of your internal domain, and others. Contact SkyViewTek today for more information. Call 610-590-5006 or email or click here.

Gone “(Spear) Phishing”

Spear phishing has been in the news lately thanks to the indictment of 12 Russian actors but what is “spear phishing” anyway?

A “phishing” email is when someone sends out a mass email pretending to be someone they are not, maybe a bank: “This is Wells Fargo – we need you to send us your login and password to verify who you are”; or just AOL, Google.  They are usually wide spread and just try to see who responds.

“Spear Phishing” is more targeted.  The hacker or perpetrator will check out your website to see who is the boss, who is the financial person, check out their Facebook and LinkedIn accounts to gather as much information as they can.  Then they will send a fake email to and underling from their boss asking them to wire money ASAP.  Or ask you to verify your email password saying they are from “IT.”

It is very hard to identify those attacks as we have seen them coming from the exact domain of the user, but if you look at the tracking behind the scenes (which most users would not know how to do or need to know how to do) the email actually came from some compromised account.

What Can You Do?

The first step is to have all the prevention you can afford.  At the very minimum, have an up to date Virus Scanner.  And we don’t mean Windows Defender.  Have a paid subscription to a legit Anti-Virus.  We recommend WebRoot.  Second is have a Firewall.  Especially if you are a business, small or not, you HAVE to have a proper firewall.

Thirdly, it comes down to the user.  Be smart.  Does your boss regularly ask you to send wire transfers?  Or wire transfers to random oversea accounts?  Pick up the phone and call your boss to confirm.  Your boss will never chastise you for being too careful.

Please contact SkyViewTek for help implementing any or all of these recommendations. Call 610-590-5006 or email

Can your Employees Detect Email Scams?

Now it is more important than ever for businesses to have a process in place to verify key requests issued via email, like a wire transfer. Back in the day, phishing emails were full of typos and easy to spot. But today’s cybercriminals are able to match the branding and logos associated with the companies they are trying to impersonate – which makes it more difficult for a busy employee to spot an email scam.

Check out these Five ways to detect a malicious ‘phishing’ email – including Whaling which are email scams targeted at high-profile victims like C-level executives and their teams.

According to this CNBC article: …companies [should] have a separation between who can initiate and who can approve a wire transfer. The FBI advises using multifactor authentication, which requires two ways of identifying yourself when signing into an account, such as a password and a code sent to your cellphone.

Contact SkyViewTek to learn about security options – like Proofpoint and firewall – to help protect your small business and minimize risks. Also, check out our options for Office 365 email backup. Call 610-590-5006 or email

Better Email Options than Verizon

Verizon is getting out of the email business and is forcing customers to move to AOL or other free email services. SkyViewTek offers many other better solutions when it comes to email for your business, like Microsoft Office 365 or Hosted Exchange – both of which offer real-time sync across multiple devices.

As a best practice, we recommend that businesses should never align their email address with their Internet Service Provider or a free email service – like gmail. Instead, we can help you setup a branded email for your business via the Microsoft platform. In this way, as a business owner or Office Manager, you have control over each employees’ email as they are hired or terminated.

For more information, contact us today or click here.