Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear-phishing attempts:
- Are usually initiated by perpetrators looking for financial gain or other proprietary information from your company.
- Are not usually initiated by random hackers.
- Generally include true information in the email to create a sense of familiarity.
- Usually sent by a known organization or contact.
- Will coerce the target to install malware or navigate to a malicious site designed to trick the target into giving out sensitive information.
Spear phishing has the same goal as normal phishing, but the attacker first gathers information about the intended target. This information is used to personalize the spear-phishing attack. Instead of sending the phishing emails to a large group of people, the attacker targets a select group or an individual. By limiting the targets, it's easier to include personal information -- like the target's first name or job title -- and make the malicious emails seem more trustworthy.
To increase success rates, these messages often contain urgent explanations on why they need sensitive information. Victims are asked to open a malicious attachment or click on a link that takes them to a spoofed website where they are asked to provide passwords, account numbers, PINs, and access codes. An attacker posing as a friend might ask for usernames and passwords for various websites, such as Facebook, so that they would be able to access posted photos. In reality, the attackers will use that password, or variations of it, to access different websites that have confidential information such as credit card details or Social Security Numbers.
Once criminals have gathered enough sensitive information, they can access bank accounts or even create a new identity using their victim’s information. Spear-phishing can also trick people into downloading malware or malicious codes after people click on links or open attachments provided in messages.
SPEAR-PHISHING VS. PHISHING
|Phishing Attacks Are:||Spear Phishing Attacks Are:|
|Sent to many people indiscriminately||Targeted at one person or a small group|
|Come from a random, non-personal entity||Appear to come from an entity the target is already familiar with, such as another person within their company or another business in their network|
|Don’t contain personal information||Contain as much direct, personal information as possible (i.e. name, position at company)|
|Easier to identify as a scam||Harder to identify as a scam|
Both spear-phishing and phishing are scams with the same goal of acquiring confidential information via impersonation of another entity. Phishing attacks are more general and are usually sent to lots and lots of people at the same time. Spear-phishing attacks do the opposite, they attempt to be as personal as possible and are only sent to the specific individuals they are trying to trick.
Phishing scams will usually impersonate a large corporation with name recognition and familiarity, for example, Google or Wells Fargo. In contrast, Spear-phishing attacks are structured to come from a more personal place and often impersonate someone within the target’s close acquaintances. Executing a spear-phishing attack requires more time and research upfront and because the emails are so personal, they are much harder to identify.
Spear-phishing attacks are becoming much more prevalent as software and users learn how to easily identify regular phishing attacks. Many employees are learning to be more suspicious of unusual or out of character requests for confidential information and will double-check the sources of all requests before offering up sensitive information.
Spear-phishing scams have risen in popularity because of the higher level of difficulty in detecting them as opposed to regular phishing scams. Because of this level of personal customization, standard security options are often not enough to stop these types of attacks. A simple mistake by one employee can open the door for hackers to steal data, plant malware or commit other malicious acts. Even high-ranking executives within companies may find themselves opening emails that they previously thought were safe.
- The source of the communication must appear to be a known or trusted entity.
- The content of the communication has some sort of information to back up the validity of the communication’s source.
- The communication makes a request for information that seems logical and not too far out of place.
These types of attacks can be difficult to deter, but not impossible if you have the right types of security in place. Education about the risks of spear-phishing and spear-phishing prevention is an important step. Anyone that has access to sensitive company information should be instructed to never commit to any confidential transaction on the basis of email alone. Email clients like Gmail should never be used to pass sensitive information between two people. Instead, secure channels should be set up to share this type of information.
On top of educating employees, email security technology should also be employed to help deter these kinds of scams. The Barracuda Web Filter, Barracuda Email Security Service, and Barracuda Spam Firewall, are all designed to provide protection against spam, malware, and attacks like spear phishing.
How Barracuda Can Help:
Barracuda Sentinel is a cloud-hosted service that uses artificial intelligence for real-time spear-phishing and cyber fraud defense. It connects directly to Office 365, so it works alongside any email security solution with no impact on network performance or user experience.
Barracuda Essentials scans your email traffic to block malicious attachments and URLs, including those in phishing and spear-phishing emails. It also uses advanced analysis to spot typo-squatting, link protection, and other signs of phishing.
Barracuda Advanced Threat Protection is a cloud-hosted service available as an add-on subscription for multiple Barracuda security products and services (a 90-day subscription is included with Barracuda Essentials). It uses signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. Finally, it feeds remaining suspicious files to a CPU-emulation sandbox to definitively identify zero-day threats and block them from reaching your network. This means that it can block phishing and spear-phishing emails carrying zero-day payloads that other techniques might miss.
Do you have more questions about Spear Phishing? Contact us now.