What is a spear-phishing attack?
A spear-phishing attack is a type of cybercrime where attackers send emails that appear to be from a known or trusted sender. The email is designed to convince an individual to share sensitive information or take action that allows attackers to steal data or money, to access accounts or to download malware. While a phishing attack is directed at a broad number of people, a spear-phishing attack is highly targeted to one or more individuals.
How do you recognize spear-phishing email attacks?
There are several ways to spot and prevent a spear-phishing attack. A spear-phishing email may include:
- A request to download a file or to provide sensitive information that is not typically shared via email.
- A sender email address that does not match the domain name of the company the sender claims to be from.
- An email format that differs from the emails typically received from the person or company the sender claims to be from.
- A link within the email that, upon inspection, would take the user to a fraudulent website rather than the website listed in the text of the email.
- Suspicious files or unexpected invoices attached to the email.
- Content that is unusual or out of character for the sender, such as unexpected urgency, secrecy or a request to bypass a normal approval process.
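Three of the signs above (a Reply-To that sends the answer somewhere else, a sender domain that only resembles a trusted one, and link text that names a different host than the real href) can be checked mechanically. The script below is an added example and not Mimecast code: it parses a raw message with the Python standard library and reports what it finds. The trusted-domain list and the sample message are constructed for the example.

```python
"""Heuristic checks for the warning signs listed above.

Added example, not Mimecast code. Parses a raw RFC 5322 message with the
standard library and reports three of the signs: a Reply-To that steers replies
to a different domain, a sender domain that merely resembles a trusted one,
and links whose visible text names a different host than the real href.
TRUSTED_DOMAINS and SAMPLE are constructed for the example.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Assumption: the organisation's own and partner domains (constructed).
TRUSTED_DOMAINS = {"example.com", "acme-partner.com"}

# Constructed spear-phishing sample: look-alike sender, external Reply-To,
# and an anchor whose text shows the real portal but links to the fake one.
SAMPLE = """\
From: "Jane Doe, CFO" <jane.doe@examp1e.com>
Reply-To: payments@mail-relay-invoice.net
To: bob@example.com
Subject: Urgent: wire transfer before 5pm
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Bob, please approve the attached invoice and confirm at
<a href="http://portal.examp1e.com/login">https://portal.example.com</a>
before the bank cut-off.</p></body></html>
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value between two domains signals a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_in_text(text: str) -> Optional[str]:
    """Host a reader would see in anchor text such as 'https://portal.example.com'."""
    m = re.search(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", text.lower())
    return m.group(1) if m else None


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def analyze(raw: str) -> List[str]:
    """Return human-readable findings; an empty list means no sign was triggered."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: List[str] = []

    from_domain = domain_of(parseaddr(str(msg["From"]))[1])
    reply_domain = domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"replies go to {reply_domain}, not the sender domain {from_domain}")

    # Exact trusted domains are fine; near misses (examp1e.com) are the tell.
    if from_domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if levenshtein(from_domain, trusted) <= 2:
                findings.append(f"sender domain {from_domain} looks like {trusted}")

    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            shown, real = host_in_text(text), (urlparse(href).hostname or "").lower()
            if shown and real and shown != real:
                findings.append(f"link text shows {shown} but goes to {real}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("FLAG:", finding)
```

Run against the sample it reports all three signs. The edit-distance threshold and the two-domain trust list are deliberately crude; a gateway would use a maintained partner list, homoglyph tables and the Public Suffix List, but the shape of the checks is the same.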
Why is it important to prevent spear-phishing?
Spear-phishing comes in many forms, as fraudsters work across email and other communications channels to steal from your company. Cybercriminals often collect background information such as company email addresses and the names and job titles of targets from openly available databases and social networks to make their messages more credible; they also build fake websites to collect private information such as passwords and credit card numbers. It can be extremely detrimental to any organization to have sensitive information leaked via spear-phishing.
Spear-phishing prevention: 5 best practices to follow
Successful spear-phishing attacks can lead to monetary losses, loss of intellectual property, brand reputational damage and more. By following these 5 best practices for spear-phishing prevention, organizations can put their best foot forward to prevent these potentially crippling attacks.
- Implement an email-security solution that looks for impersonation attacks: Organizations should deploy an advanced email security solution, such as a secure email gateway, that blocks malware, spam and the vast majority of email-borne attacks. However, because spear-phishing emails often carry no malware at all, add a layer that targets impersonation, such as DMARC (Domain-based Message Authentication, Reporting & Conformance). With DMARC a domain owner publishes a DNS policy stating that mail carrying its domain in the From: header must pass SPF or DKIM with an aligned domain, and what receivers should do with mail that fails (none, quarantine or reject). DMARC stops exact-domain spoofing; it does not stop look-alike domains or mail from compromised legitimate accounts, so pair it with content and behaviour analysis.
- Encrypt Sensitive Information: Encrypting data at rest and in transit limits what an attacker can read if a spear-phishing attack leads to a stolen device, an intercepted connection or an exfiltrated file. It does not protect a password the user types into a spoofed site, so treat it as damage limitation rather than prevention.
- Use Multi-Factor Authentication: Requiring a second factor beyond the password means a phished password alone does not grant access. Prefer phishing-resistant factors such as FIDO2/WebAuthn security keys or passkeys, because one-time codes and push approvals can be relayed through a proxy site or approved by a victim who believes the prompt is genuine.
- Regularly Update Security Systems: Keeping security systems and endpoints up to date with the latest patches closes known vulnerabilities that a malicious attachment or link would otherwise exploit.
- Conduct Security Awareness Training for Employees: By investing in an effective security awareness training program, employees are much more likely to identify and flag suspicious emails and spear-phishing attacks, helping to make employees the first line of defense.
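The DMARC step in the first best practice is easy to misread, so here is the receiver-side logic in code. This is an added example and not Mimecast code: it assumes SPF and DKIM verification have already run and shows what DMARC adds on top, namely parsing the domain owner's policy record, testing whether the authenticated domains align with the From: domain the user sees, and choosing a disposition. The two records and the AuthResults inputs are constructed; a real receiver fetches the record from the _dmarc.<domain> TXT record and uses the Public Suffix List rather than the two-label org_domain shortcut used here.

```python
"""DMARC evaluation at the receiving end, as an added example (not Mimecast code).

SPF and DKIM verification are assumed to have already run; this shows the step
DMARC adds on top: read the domain owner's policy, check that the domain each
mechanism authenticated aligns with the RFC5322.From domain the user sees,
and choose a disposition. The records and AuthResults below are constructed;
a real receiver fetches the record from the _dmarc.<domain> TXT record and
uses the Public Suffix List instead of the two-label org_domain shortcut.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed policies a domain owner might publish at _dmarc.example.com.
REC_STRICT = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"
REC_RELAXED = "v=DMARC1; p=quarantine; adkim=r; aspf=r; sp=reject"


@dataclass
class AuthResults:
    from_domain: str                       # domain in the From: header
    spf_pass_domain: Optional[str] = None  # MAIL FROM domain, if SPF passed
    dkim_pass_domains: List[str] = field(default_factory=list)  # d= of verified signatures


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict and apply the RFC 7489 defaults."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")   # relaxed alignment unless the owner says strict
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain; simplified to the last two labels (see docstring)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict mode needs an exact match; relaxed accepts the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record: str, results: AuthResults) -> Dict[str, object]:
    """Return the DMARC result and the disposition the policy asks for."""
    tags = parse_dmarc(record)
    dkim_ok = any(aligned(results.from_domain, d, tags["adkim"])
                  for d in results.dkim_pass_domains)
    spf_ok = (results.spf_pass_domain is not None
              and aligned(results.from_domain, results.spf_pass_domain, tags["aspf"]))
    passed = dkim_ok or spf_ok

    # sp= overrides p= for mail from a subdomain of the organisational domain
    # (assumes the record was published at the organisational domain).
    applicable = tags["p"]
    if results.from_domain.lower() != org_domain(results.from_domain):
        applicable = tags.get("sp", tags["p"])

    return {
        "dmarc": "pass" if passed else "fail",
        "dkim_aligned": dkim_ok,
        "spf_aligned": spf_ok,
        "disposition": "none" if passed else applicable,
    }


if __name__ == "__main__":
    # Attacker's server puts the CFO's real domain in From: and its own in MAIL FROM.
    spoof = AuthResults("example.com", spf_pass_domain="attacker.net")
    print(evaluate(REC_STRICT, spoof))          # fail -> reject
    # Legitimate mail signed with the organisation's own DKIM key.
    legit = AuthResults("example.com", dkim_pass_domains=["example.com"])
    print(evaluate(REC_STRICT, legit))          # pass -> none
    # Third-party sender signing as a subdomain: passes relaxed, fails strict.
    vendor = AuthResults("example.com", dkim_pass_domains=["mail.example.com"])
    print(evaluate(REC_STRICT, vendor)["dmarc"], evaluate(REC_RELAXED, vendor)["dmarc"])
```

Two things the example makes visible. First, SPF passing is not enough: the attacker's SPF passes for attacker.net, but attacker.net does not align with example.com, so the message fails. Second, DMARC only protects the exact domain: mail from examp1e.com is evaluated against examp1e.com's own record, which the attacker controls, so look-alike domains need the content checks described earlier. A policy of p=none is monitor-only and blocks nothing.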
Protect your users with superior spear-phishing protection
As more and more organizations experience advanced targeted attacks, companies everywhere are seeking the most effective forms of spear-phishing protection. Spear-phishing attacks trick users into revealing confidential information by sending an email that appears to come from a trusted source: a colleague, a supervisor or the finance or HR department. Attackers may include information in the subject line or content that shows knowledge of a user's company or industry. In highly targeted attacks, they may even use information gleaned from social media accounts to gain the user's trust before asking for sensitive data, credentials or financial transfers, as in a wire transfer phishing attack. To improve spear-phishing protection, many organizations have tried to educate users about the dangers of these emails, but nearly one-quarter of all phishing-based messages are still opened. And with more than 90% of hacking attacks today starting with a phishing or spear-phishing email, it's clear that companies require superior spear-phishing protection to safeguard users, revenue and reputation.
Prevent spear-phishing attacks with Mimecast
As phishing and spear-phishing attacks continue to become more prevalent, organizations are seeking advanced solutions to prevent spear-phishing and other targeted threats. Spear-phishing is a variation on email phishing scams that seeks to entice users to click on a malicious URL in an email that appears to come from a trusted source. Attackers may use spoofed Internet addresses or domain names, as well as social engineering techniques, to fool employees into trusting the content of an email. The risks are significant. More than 91% of hacking attacks today began with a phishing or spear-phishing email, and roughly 23% of phishing emails are opened by employees even after they have received training to spot potentially fraudulent messages. To prevent spear-phishing and other targeted threats, Mimecast provides a leading email security service to stop phishing emails from infiltrating corporate email infrastructures.
Prevent Spear-Phishing FAQs
How does a spear-phishing attack work?
In a spear-phishing attack, attackers use details about an individual, typically from online profiles or social media accounts, to convince the individual that an email is from someone they know or trust. In the email, the recipient is asked to open an attachment or click on a link that takes them to a spoofed website where they are asked to enter sensitive information such as passwords, account numbers, credit card details and other data that attackers can use to access accounts or steal an identity. A spear-phishing attack may also download malicious software to the recipient's computer that can be used to inflict further damage.
Tools for stopping a spear-phishing attack
Mimecast Targeted Threat Protection provides:
- Comprehensive protection against a spear-phishing attack without requiring additional infrastructure or IT overhead.
- Instant protection for all devices with no disruption to users.
- Fast implementation and activation through Mimecast's cloud platform.
- Granular reporting for real-time threat analysis.
Learn more about stopping a spear-phishing attack with help from Mimecast and about Mimecast's secure email gateway and other secure email solutions.
Where do I report a spear-phishing attempt?
Spear-phishing emails can be reported to a number of organizations dedicated to helping to prevent spear-phishing attacks. These include the Federal Trade Commission (www.ftc.gov/complaint), the Cybersecurity and Infrastructure Security Agency (phishing-report@us-cert.gov) and the Anti-Phishing Working Group (https://apwg.org/reportphishing). Users should also report spear-phishing emails to their company's IT department, to the organization the email is impersonating, and to the email provider, who can adjust anti-malware and anti-spam filters to prevent similar messages more effectively.