Spear phishing is a variant of the traditional phishing attack that is highly targeted. The phishing message, usually an email, is sent to a discrete audience, a small group of employees, a specific individual or a high profile executive within a targeted business.
Similar to classic and traditional based phishing attacks spear phishing leverages social engineering to trick the user into a call to action to divulge sensitive or personal information or else click on a link or attachment that contains malicious software.
Advanced Persistent Threat (APT) attacks are where stealthy and sophisticated malware infect an organisation’s network for the purpose of subterfuge and malicious activities. It is well reported across the security industry that one of the main ways that malware can evade gateway detections to deploy the payload within a network is via a spear phishing based attack. Essentially, a targeted email with malicious URL or attachment is sent directly to someone within the organization and the individual victim is tricked into infecting their device, hence the organisation’s network.
Once the unsuspecting victim clicks on the email link or attachment, malware can be installed with the capability of stealing corporate credentials, bank account information or other personal / corporate information. Alternatively, the spear phishing attack can directly ask for such information without any need for malware.
The particularly nasty component to spear phishing is that the attack is very targeted. Criminals can glean a lot of corporate and personal information regarding an individual or a business that is already in the public domain such as the organization’s website, social media and business directories. Also the criminal can use other previous social engineering attempts to build up a profile of their intended victim. Using the previously garnered information, and some presumptions, a criminal can launch their a very targeted campaign, sending their phishing email to a specific person in the organization such as CFO, CEO, or other targeted victim.
Spear phishing mitigations are problematic to the polity of the attack and criminal activities. Reports from our customers and what our Security Analysts routinely observe is that Social Media presents a great opportunity for the criminals to leverage their nefarious activities. It is all too easy for the criminals to set up duplicate social media accounts and a build a false circle of trust – another avenue for the criminals to secure trusted information about the victim organisation.
[…] Email Compromise (BEC), formerly known as Man-in-the-Email scams are a blended Spear-phishing attack. BEC attacks follow similar traits to phishing, technical subterfuge with social […]
[…] Spear phishing are Phishing attacks that target specific individuals within an organization via emails that contain personalized information or attachments that appear to be legitimate, such as billing or shipping information. A variant of spear phishing is Whale Phishing, where the target is a major player in the organization – C level staff. […]
[…] Spear phishing has evolved and continues to evolve. Cybercriminals are using social media to gain insights and information about top level executives to assist their campaigns. […]
[…] sophisticated spear phishing attacks would victimize their target by attracting them talking about their hobbies and interest. Socially […]
[…] kind of spear phishing email can be extremely powerful against the two people posing as online retailer or business (by […]
[…] can be used as a backdoor to gain more information on the victim for other purposes such as spear phishing and inventive […]
[…] Spear phishing still has a high percentage rate of success which clickbait method falls into. Now that the social media platform has become more popular these days, criminals are taking advantage of it to look for their prey. […]
[…] business can provide a front layer of defense against spear phishing and APT attacks with the correct implementation of the DNS and mail server settings and […]