What’s spear phishing?
Spear phishing is a highly targeted type of phishing attack that focuses on a single user or department within an organization. A staggering 91% of cyber attacks on organizations began as spear phishing. It’s therefore a risk that every company needs to understand.
A spear phishing attack aims to gain access to sensitive information or a private network within a company. It targets an individual or group by sending them emails designed to look like they come from within the company, for example from human resources or the technical support department. The email will request sensitive information such as login IDs and passwords. Since it appears to come from a trusted internal source, the target is more likely to provide the information. Once hackers get the information, they can gain entry into the company’s secured networks.
Another variation of this attack will ask the target to click on a link. This link deploys spyware that can spy on sensitive data. Here, all the attacker needs to do is wait, and they will eventually get the data they need.
How does spear phishing work?
As a highly focused attack, successful spear phishing requires deep research and careful consideration. Here’s a brief overview of how potential obstacles are managed by the attacker.
Identify email addresses
The first step for any spear phishing attempt is to identify the target(s). This means defining exactly what the objective of the attack is (system access, private information), and who can provide access to it. This might involve research on the company website, job listings or LinkedIn to establish key stakeholders, and the relationships between them.
From there, the attacker simply needs to locate the email addresses of the target(s). This can be done relatively easily using LinkedIn or an email harvesting tool.
Circumvent Antivirus software
The chances are high that the target company will be using anti-virus software or a firewall. This would prevent spear phishing emails from reaching the target to begin with – they would simply be filtered out. So a well-executed spear phishing campaign would first establish what anti-virus software a company is using. This can often be established by looking at job listings for the company’s tech department.
The attacker can now test their message out to make sure it will get through the company’s security filters.
Social engineering scenario
With the research done, it’s time for the “story” to be set up within the email. This can take many forms, including:
- A message from accounts, asking for payment information
- An email from your boss, asking for login details to a company system
- An email from your company’s tech department, asking you to click a link containing malicious code
In all cases, the context and authority of the “sender” make the scenario seem credible. This means an unsuspecting employee might be persuaded to provide the information. This is why it’s imperative to train, and regularly test, all employees on cyber attack risks.
Harvest sensitive data
Not all spear phishing emails will be successful. But the ones that are can produce very valuable results for attackers. For example, if an attacker deploys spyware successfully via a link or attachment, they simply need to wait to see all sorts of highly sensitive information.
Alternatively, if the attacker has convinced the target to provide company login details, the attacker can easily gain admin control of the system in question and start doing serious damage.
How to spot a spear phishing email
Since this type of attack normally begins with an email, it’s crucial you know what to look for.
Here are some of the telltale signs:
- The sender has an incorrect or unknown email address
- It asks for sensitive information
- Its content creates a sense of urgency
- The message contains links that don’t match the sender or domain
- The email has unexplained attachments
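The telltale signs above can be checked mechanically. The following is an added example, not code from the original article, that parses a raw email with Python's standard `email` module and reports which of the listed signs it shows: an untrusted sender domain, a request for sensitive information, urgency wording, links whose host does not match the sender's domain, and attachments. The sample message, the trusted domain list (`example-corp.com`) and the look-alike and placeholder domains in it are all constructed for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email). It shows several of the
# telltale signs: a look-alike sender domain, a credentials request,
# urgency wording, a link pointing elsewhere, and an unexplained attachment.
SAMPLE_EMAIL = """\
From: IT Support <helpdesk@examp1e-corp.com>
To: alice@example-corp.com
Subject: URGENT: verify your password within 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your account will be suspended. Confirm your password immediately at
http://login.example-corp.com.attacker-placeholder.net/verify

--b1
Content-Type: application/octet-stream; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

# Assumption: the organization's own mail domain(s).
TRUSTED_DOMAINS = {"example-corp.com"}
# Simple keyword lists standing in for the "urgency" and "sensitive
# information" signs; a production filter would use richer rules.
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended")
SENSITIVE_WORDS = ("password", "login details", "payment information")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def sender_domain(msg):
    """Domain of the actual From address, ignoring the display name."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def registrable_part(host):
    """Crude last-two-labels heuristic so mail.example-corp.com matches example-corp.com."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def body_text(msg):
    """Concatenate the text/plain parts that are not attachments."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.is_attachment():
            parts.append(part.get_content())
    return "\n".join(parts)


def phishing_indicators(raw):
    """Return a list of human-readable flags, one per telltale sign found."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []

    domain = sender_domain(msg)
    if domain not in TRUSTED_DOMAINS:
        flags.append(f"sender domain not trusted: {domain}")

    text = body_text(msg)
    lowered = (msg.get("Subject", "") + "\n" + text).lower()
    if any(word in lowered for word in SENSITIVE_WORDS):
        flags.append("asks for sensitive information")
    if any(word in lowered for word in URGENCY_WORDS):
        flags.append("creates a sense of urgency")

    # Links whose host does not belong to the sender's domain.
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if registrable_part(host) != registrable_part(domain):
            flags.append(f"link host does not match sender domain: {host}")

    for part in msg.walk():
        if part.is_attachment():
            flags.append(f"unexplained attachment: {part.get_filename()}")
    return flags


if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE_EMAIL):
        print("-", flag)
```

Run against the sample, the script reports all five signs. The domain comparison is deliberately simple (last two DNS labels), which is enough to catch a link to a different registered domain but will not resolve public-suffix cases such as `example.co.uk`; a real filter would use a public-suffix list and feed the flags into a scoring rule rather than treating any single one as proof.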