Spear Phishing: Why Targeted Email Attacks Are The Leading Cause Of Major Company Data Breach
- Better Mobile Security Inc.
- Oct 6, 2020
Updated: Oct 8, 2020
Phishing is the broader term for any attempt to trick victims into sharing sensitive information, such as usernames, passwords, and credit card details, for malicious purposes. Generic phishing emails are not personalized to their victims and are usually sent to masses of people simultaneously, made to look as if they come from an authentic organization. In other words, it’s like casting a net into the ocean to catch fish of any kind: attackers mass-release their phishing emails in the hope that some people will fall for them.
Spear-phishing, one of the most common types of phishing, is a targeted attempt to steal sensitive and personal information from a specific victim. Attackers acquire personal details about the victim from what they post on social media, everything from where they grew up, to the name of their first pet, to their birthday. They then use email or other online messaging platforms to disguise themselves as entities close to their target and accumulate sensitive information. Because this technique is so successful, it accounts for approximately 91% of all phishing in the United States today.
Spear-phishing attacks require more thought, resources, and time than other phishing attacks. Attackers try to obtain as much personal information about their victims as possible so that the emails they send look legitimate and believable, which increases their chance of fooling recipients. Because these emails are so personal, it is more difficult to identify spear-phishing attacks than other phishing attacks conducted on a wide scale. Due to this, spear-phishing attacks are becoming more and more widespread in the cyber arena.
How does spear phishing work?
Here is how it works: the victim receives an email that appears to come from a trustworthy source but instead leads the unknowing recipient to a fraudulent website full of malware. The “from” field of the email is often spoofed to make it look like it comes from a known entity, a domain that resembles yours, or your trusted associates. For instance, the letter “o” might be replaced with the number “0,” or the letter “w” might be changed to “ш” from the Russian alphabet.
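A defensive check for the sender-domain tricks described above, as an added example that is not part of the original article: it flags a From: domain that collapses to a trusted domain once look-alike characters are normalized, or that mixes alphabets within one label. The trusted-domain list, the small confusables map, and the function names are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: domains the organisation really uses (assumption).
TRUSTED_DOMAINS = {"westbank.example", "google.com"}

# Small, non-exhaustive map of look-alike characters, including the two
# substitutions mentioned in the article ("0" for "o", Cyrillic "ш" for "w").
CONFUSABLES = {
    "0": "o", "1": "l",
    "\u0448": "w",  # Cyrillic ш
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
}

def skeleton(domain):
    """Collapse look-alike characters so visually similar domains compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())

TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED_DOMAINS}

def scripts(label):
    """Alphabets used in a label, taken from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def check_sender(from_header):
    """Return (verdict, detail) for the domain in a From: header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    try:
        # Headers usually carry international domains as punycode (xn--...).
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or malformed: analyse the text as received
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    imitated = TRUSTED_SKELETONS.get(skeleton(domain))
    if imitated:
        return ("lookalike", imitated)
    if any(len(scripts(label)) > 1 for label in domain.split(".")):
        return ("mixed-script", domain)
    return ("unknown", domain)

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("IT <help@westbank.example>", "IT <help@\u0448estbank.example>",
                   "Google <no-reply@g00gle.com>", "Bob <bob@unrelated.example>"):
        print(header, "->", check_sender(header))
```

The map here is deliberately small; Unicode's confusables data (UTS #39) lists far more look-alike pairs.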
Often, these attacks are carried out by government-sponsored hackers and hacktivists. Cybercriminals also attack with the intention of reselling confidential data to governments and private companies. These cybercriminals tailor their approach to each individual, using social engineering techniques to personalize messages and websites effectively. As a result, even high-ranking officials within organizations, like top executives, will find themselves falling for the trap. That slip-up will enable the cybercriminals to steal data to attack their networks. Reports have shown that most phishing emails contain personal information that is usually obtained through intrusions or from data posted on social networking or other sites.
To fight spear-phishing cons, your employees need to be aware of the threats, such as the possibility of fake emails landing in their inbox. Besides education, technology that focuses on email security is necessary. You must secure your company’s and employees’ data from phishing attacks using software that can combat such attacks.
Tips on how to avoid and protect yourself from spear-phishing
Restrict what you share as much as possible, and give only the bare minimum information needed on social media or other sites.
Having a strong and different password for each of your accounts is one way to prevent scammers from gaining access.
Update your software whenever your software provider notifies you. Look especially for updates to your Internet security suite and operating system.
Don’t click on links in messages that claim to be from your bank or other organizations. Instead, launch your browser and go directly to the bank’s site. One way to detect whether a site is legitimate is to hover over the link and check whether the destination URL matches the anchor text.
Use common sense when you open an email. If an email claims to be from a “friend” and asks for personal information, it is suspicious and most probably a scam. If you think it possible that a friend or colleague really is emailing you, give them a call and confirm before opening any suspicious links.