The typical worm or virus spreads opportunistically wherever and whenever it can. A targeted attack, however, is rather different and does exactly what it says – the malware authors craft something designed to fool a specific firm or person. For example, they might host the malware payload in a Word document custom-crafted for each target company, as this makes it look as legitimate as possible.
Such targeted attacks are becoming more and more common. Unless you're careful, you could become the next victim – so we’ve come up with some advice to help prevent that happening.
Individuals can get hit by targeted attacks too. It seems that every week brings news of a fresh data breach that imperils private data. Truly sensitive databases like those containing credit card numbers tend to have better protection, but personal information like your address, contacts, and even likes and dislikes are often exposed. Even with no data breach, your personal information isn't all that private. Sites like Spokeo (in the US) or PeekYou can reveal your address, phone number, age, and more.
Armed with these details, a hacker can generate spurious email messages that look all too real. You wouldn't click a link in an email message from a stranger, but if the message seems to come from one of your friends and includes real-world information that (you think) only a friend would know, you may well lower your guard.
You can and should do your best to recognise suspicious messages and avoid risky behaviour. Don't click on links in email messages, don't believe a message is valid just because it includes personal information, look for the green tint in the URL bar that indicates the site is safe, and so on. But face it – the bad guys are pretty clever. At the industrial espionage level they're really clever. They might still put one over on you, so you need to prepare against that possibility.
Installing a comprehensive security suite will help on many levels. Even if you're fooled into clicking on a poisoned link, a good security suite can save you. Our favourites include Kaspersky, Bitdefender, and BullGuard.
If the aim of the attack is to have you open a malware-infested document, once again a good security suite or antivirus can help. Many of them scan all email attachments; by the time you read the fake message your antivirus may have stripped off the malicious attachment.
Consider installing and using a password manager. Instead of clicking a link in a message supposedly from your bank, use the password manager to navigate and log in to the site. If you accidentally link to a fake site, the password manager won't insert your login credentials. You might want to check out our closer look at the best password managers.
Don't be the goat
These precautions will probably keep you safe from personal targeted attacks. If the attack is targeted at your business, though, someone in the firm will probably fall for it. By staying vigilant you can at least ensure that you won't be the one blamed when hackers take down the company network.