30 July 19, 09:26
Quote:
Is there any way to protect myself against spear phishing?
There’s more than one way to catch a ‘fish’ than phishing. And because the world of hacking always delivers when it comes to wacky wheeling-and-dealing, in this article I’ll be talking about spear phishing attacks. What is spear phishing, you ask? Long story short, it’s a phishing technique that plays on the victim’s trust or, rather, his gullibility.
Spear phishing attacks are surgical, while general phishing attacks are more like “let’s cast this lure in the puddle and see what bites.” So, without further ado, let’s dig right into it. FYI: in this article, I’ll be covering the difference between spear and whale phishing and how to protect your company’s digital assets against them.
What is Spear Phishing?
So, what is spear phishing? According to the Big Book of things that go bump on the Internet and can really ruin your day, spear phishing is an email spoofing attack that targets very specific and very ‘employed’ individuals. As Aaron Ferguson noted, spear phishing attacks are directed against an employee or an organization.
What makes them so successful? Good question! Ferguson, an NSA agent and West Point Professor, said that the spoofed emails used in the attack look like they’ve been sent by well-known market actors such as PayPal, Google, Spotify, Netflix, and even Apple Pay.
In some cases, they may even take the guise of in-house emails, asking the employee to fill in credential requests. Why would someone be willing to share his/her credentials via email? Well, think of it this way: how likely are you to nix an email from your CEO, asking you ‘nicely’ to share your password and user because you’re far behind on your deadlines?
To further enforce the illusion, these spoofed emails use the moniker of an authoritarian figure (CEO, CTO).
And yes; the unaware user will click on any link, share any details, no matter how private they are, and will go on thinking that he dodged another bullet. Unfortunately, that reply will never reach your boss; it will end up in the database of some hacker, who will have complete access to the company’s records.
Still, why is spear phishing that successful? Because the ‘spoofer’ really does his homework. Before a spear phishing attempt is made, the attacker will try to gather as much info as he can about his victim: name, work address, company’s profile, position, phone numbers, emails. When he has enough info, he will dispatch a cleverly penned email to the victim.