Spear phishing is a phishing attack that is targeted against an individual. These emails are designed so that victims trust the message enough to open it and act on it. They are sophisticated and are carefully crafted so they appear to come from a trusted contact, such as a manager, customer, accounts, and commonly IT support.
- In all cases, the attacker will research the victim, find their contact details, and craft an email that appears plausible. They will use social media and other open-source intelligence techniques to find out more about the victim, including where they work, who they work with, and even their hobbies.
- The payload of a spear phishing attack can be conventional malware, spyware, or ransomware. But attackers also use the technique to extract confidential information, such as personnel records, intellectual property, or financial information.
- Some spear phishing emails are also crafted to appear to come from a senior person within an organisation to finance personal, requesting a payment be made into a specific bank account.
Compared to mass email phishing attacks that rely on a scattergun approach to get results, spear phishing is laser-focused. But because messages are crafted to target specific individuals they are all the more dangerous.
The dangers posed by spear phishing attacks are many:
- Theft of personal data
- Theft of ID credentials
- Theft of intellectual property
- Obtaining information that is used for an attack on a higher level target
- Malware and spyware infections
- Ransomware infections
- Links to sites that harvest credentials or personal data
- Wire fraud and theft of financial information
There are many incidences of spear phishing emails in which the attackers have made off with millions following a lengthy and careful campaign. Even large security vendor employees have fallen foul of spear phishing, unwittingly allowing attackers into the network.
However, spear phishing is certainly not limited to large enterprises. Organisations of all sizes are targets. This may be hard to understand for small businesses, who question why they would be a target. To start with small businesses are easy to hack because they often have poor defences or none at all.
A small business can be used as a bridgehead from which to launch an attack against a client or competitor, the information they hold might be valuable to attackers, the attackers might simply want to plunder back accounts or impersonate someone to carry out a larger fraud. In short, while the reasons might vary, small businesses are just as vulnerable to spear phishing as are their larger counterparts.
How to prevent spear phishing
There isn’t a single defence against spear phishing; rather a layered approach needs to be adopted. Enterprises have deeper pockets than small businesses so they can afford to deploy new technologies such as email authentication based on machine learning or develop tech capabilities that detect and respond to suspected attacks.
That said, small businesses can still avail themselves of advanced technologies dedicated to the small business market such as BullGuard Small Office Security.
- It incorporates an advanced, and award-winning, protection features such as a triple-layered antimalware engine and machine learning that detects and nullifies new threats as they emerge.
- It protects against spear phishing attacks that are designed to inject malware into the network such as ransomware and spyware.
- It is easily and quickly deployed on every computing device, including smartphones and remotely-used laptops, via email.
You can see just how good BullGuard Security Office is, and easy to manage, with a free, no strings attached, 3-month cybersecurity. Simply click here.
Education, education, and education
On top of this, user education is equally critical. An email that has insider information or other signs of authenticity, such as references to a real person, company, or brand can easily fool both the average recipient and sophisticated user.
- Check the sender’s email and address – Often, when we receive an email, we see only the sender name. The attackers can easily spoof the name of someone who emails you regularly. If you get an email asking you to share sensitive information don’t just believe the sender name; verify the email address as well.
- Check the email format – With an advanced level of spear phishing email attack, the attackers can spoof both the name and email address of someone you know. However, the format of the email can give you a hint about the content. If the email format doesn’t match with previous emails from the sender in the past, take further measures to confirm whether it is authentic.
- Make a phone call – A clever attacker can spoof the name, email address, and even the format of the email. If the demand in the email is sensitive, such as transferring a large amount of money, then don’t hesitate to make a phone call to the sender to confirm whether it’s a legitimate request.
- Verify shared links – Sometimes, an attacker tricks you to click on a link shared via email. Even if you are sure about the sender’s email address and the name, make sure the link embedded in the hypertext does not lead to a fraudulent website or malicious code. A simple trick is to hover the cursor over the link. It gives you a complete address of the link that you shall be redirected to after clicking. If you see the web address or the link path is suspicious, never click the link.
These are some of the basic tactics to identify spear phishing emails. Although spear phishing is the lethal weapon of the modern cyber attackers, these common precautions can safeguard you and your organization from such attacks.