What is “soft-targeting” in cyber security?
In addition to the rapid rise in the number of ransomware emails, another method that is increasing in frequency is the “soft targeted” phishing message.
The soft targeted phishing email targets people in a particular job category, but may include some customisation, such as the name of the recipient in the salutation.
This is a growing trend and highlights the extraordinary lengths to which cybercriminals will go to infiltrate a business’s network.
For example, a popular type of phishing email is the CV email, which supposedly has a CV from a job applicant in the attachment.
Recipients who don’t work in human resources or other jobs where they recruit staff would either ignore it or forward it to the appropriate person at the company, which is exactly the person the message is aimed at. Other job functions can be targeted as well.
For example, a finance director may receive an email that claims to be an important message for the finance director and may have his name on the first line.
Other common types of soft-targeted phishing emails are billing, shipping and invoice-related messages.
It’s a clever tactic by the criminals: this more personalised, soft-targeted approach unfortunately increases the likelihood that a malicious link will be clicked or a malicious attachment will be opened, either of which could unleash ransomware or steal private or critical information from your business.
Top-performing anti-virus and anti-spam software will still flag up a warning about suspicious links and attachments, but the personal nature of the message will often still tempt a person to open them. You must educate your staff to exercise extreme caution with anything that raises even the slightest suspicion, and if your anti-virus software says don’t click or open, then don’t click or open!