Spear Phishing Definition
Spear phishing is a targeted email attack on an individual. In a spear phishing attack, cybercriminals use research gathered from social media and a user's online presence to craft an email that appears to come from a friend or trusted colleague. The email may ask the user to share sensitive information, divulge credentials or take some other action.
Spear phishing is designed to take advantage of a user's trust in the source of an email to get sensitive information that may allow hackers to steal identities, access financial accounts or breach corporate security.
Spear phishing attacks have led to devastating consequences for companies in a wide variety of industries. Every month, the headlines chronicle the latest successful attack, and IT teams everywhere resolve to implement anti-phishing defenses to avoid becoming the next victim.
Here's a brief tutorial on "What is spear phishing?" that provides some answers and phishing tips.
Examples of Spear Phishing
There are many ways spear phishing can take shape. In one example, the spear phishing email could be devised to appear to come from a trusted colleague or a business that the target user works with (also known as an impersonation attack), using a fake address or website that looks similar to the real one. It can be spotted by paying close attention to the spelling and punctuation used in the address. Some cybercriminals will use a different top-level domain (.net instead of .com) or add extra characters to a legitimate address, such as an underscore or dash. Some will use similar-looking characters, such as a zero instead of an "o" or an "l" instead of an "i", to confuse the phishing target.
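The address tricks listed above (a swapped top-level domain, inserted separators, and confusable characters) can be checked mechanically before a message reaches a user. The following is an added example, not Mimecast's code: it classifies a sender address against a list of trusted domains, and goes a little beyond the text by also catching a trusted name reused as a subdomain of an attacker's domain and a single-character addition or deletion. The trusted domain list, the confusable-character table and the sample addresses are constructed for illustration, and the domain split assumes a single-label top-level domain.

```python
"""Classify sender domains as trusted, lookalike or unrelated.

Added example, not Mimecast's code. The trusted-domain list, the
confusable-character table and the sample addresses are constructed.
"""

# Constructed list of domains the organisation really corresponds with.
TRUSTED = {"example.com"}


def split_domain(domain):
    """Split 'label.tld' into (label, tld); assumes a single-label TLD."""
    label, _, tld = domain.rpartition(".")
    return label, tld


def strip_separators(label):
    """Drop the dashes and underscores attackers pad a name with."""
    return label.replace("-", "").replace("_", "")


def skeleton(label):
    """Collapse visually confusable characters so 'examp1e' and
    'exarnple' compare equal to 'example'."""
    s = strip_separators(label).replace("rn", "m").replace("vv", "w")
    # 0 -> o, 1 -> l, i -> l (so 'l' standing in for 'i' also collapses)
    return s.translate(str.maketrans("01i", "oll"))


def edit_distance(a, b):
    """Levenshtein distance, used to catch one added or dropped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED):
    """Return (verdict, reason) for the domain part of an email address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    for t in trusted:
        # Exact match or a real subdomain of a trusted domain.
        if domain == t or domain.endswith("." + t):
            return "trusted", domain
    label, tld = split_domain(domain)
    for t in trusted:
        t_label, t_tld = split_domain(t)
        if domain.startswith(t + "."):
            return "lookalike", f"trusted name used as a subdomain: {domain}"
        if label == t_label and tld != t_tld:
            return "lookalike", f"top-level domain swap: {domain} vs {t}"
        if strip_separators(label) == strip_separators(t_label):
            return "lookalike", f"extra separator characters: {domain} vs {t}"
        if skeleton(label) == skeleton(t_label):
            return "lookalike", f"confusable characters: {domain} vs {t}"
        if edit_distance(label, t_label) <= 1:
            return "lookalike", f"one character added or removed: {domain} vs {t}"
    return "unrelated", domain


if __name__ == "__main__":
    # Constructed sample senders exercising each rule.
    for sender in ("alice@example.com", "alice@mail.example.com",
                   "alice@example.net", "alice@ex-ample.com",
                   "alice@examp1e.com", "alice@exarnple.com",
                   "alice@examplee.com", "alice@example.com.attacker.test",
                   "alice@unrelated.org"):
        print(sender, "->", classify_sender(sender))
```

Because the rules are applied in a fixed order, each address gets the most specific reason first: an exact or subdomain match is never reported as a lookalike, and a plain TLD swap is reported before the fuzzier character checks run.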
Spear Phishing vs. Phishing vs. Whaling
Spear phishing is a more specialized type of phishing attack that targets a specific user, thanks to personal information gleaned from online sources. In addition to using social media, fraudsters can now buy entire databases of information on the Dark Web, which makes it easier to craft a message that will get through.
Phishing is a spam email sent to hundreds or thousands of recipients, trying to get the user to send money, click on a link (usually dropping some malware onto their computer) or visit a website set up by the fraudsters to steal money, pilfer personal information or plant malware.
Whaling is a type of phishing email targeting a big fish. This even more specialized variety of spear phishing targets a specific user high in an organization’s hierarchy. This is also known as CEO or CFO fraud, and it involves sending a fraudulent email to the executive, claiming to be a subordinate or colleague.
Spear Phishing Attacks Protection
To protect your organization against spear phishing attacks, email security solutions that leverage machine learning tools are of the utmost importance. These solutions can detect and block known or unknown malware, malicious URLs, and attempts at impersonation or social engineering.
Additionally, security awareness training is an important line of defense against all kinds of phishing, to help staff stay on their guard. User testing, phishing drills and other unscheduled training that simulates an actual phishing attack can help keep users on their toes.
Spear Phishing Prevention with Mimecast
Successful phishing attacks can cost a company millions of dollars, lead to fines and legal action, and result in a loss of revenue, customer trust and business opportunity.
Employees can help prevent attacks by learning how to spot phishing attempts. The first step is often to watch out for links, email addresses and domains that don't match or that contain anomalies, and to avoid opening any attachment unless the user is absolutely certain it's legitimate. Bad grammar and poor spelling are also signs of a potentially fraudulent email, as is language that threatens the user unless they take urgent action.
Mimecast provides anti-phishing software as part of an integrated suite of email management services for security, archiving, continuity, backup and recovery, and compliance. Mimecast's cloud-based solutions are offered as SaaS-based services, enabling organizations to roll out spear phishing prevention measures immediately.
Learn more about spear phishing and Mimecast's solutions to prevent it.
Spear Phishing FAQs
How does spear phishing work?
To launch a spear-phishing attack, attackers learn as much as they can about their target from a variety of sources, including social media accounts. Attackers then send a fraudulent email that appears to be from a trusted source and encourages the recipient to take an action such as opening an attachment or clicking on a link that takes them to a spoofed website where they are asked to enter passwords, account numbers, access codes or other personally identifiable information. The attackers can then use that data to steal money, identities or information.
What are some examples of spear-phishing?
There are many ways spear phishing can take shape. In one example, the spear phishing email could be devised to appear to come from a trusted colleague or a business that the target user works with (also known as an impersonation attack), using a fake address or website that looks similar to the real one. It can be spotted by paying close attention to the spelling and punctuation used in the address. Some cybercriminals will use a different top-level domain (.net instead of .com) or add extra characters to a legitimate address, such as an underscore or dash. Some will use similar-looking characters, such as a zero instead of an "o" or an "l" instead of an "i", to confuse the phishing target.
What are the characteristics of spear-phishing emails?
A spear-phishing email is likely to have one or more of the following clues that the email is fraudulent:
- The sender's name is different from the actual email address.
- The format of the email is different from any other email you have received from the same sender.
- There is a mismatch between an email address or URL in the body of the email and the address that appears when you hover your cursor over it.
- The email uses misspelled words, poor grammar or vocabulary that you would not expect from the sender.
- The email seems urgent and asks you to take fast action.
- The email requests you to share personal, financial or account login information.
- The email asks you to click on a link or open an attachment.
How to stop spear-phishing attacks?
Security awareness training can help users to more effectively identify and avoid spear-phishing emails. Email filtering technology can block suspicious email with header anomalies, malicious links and other telltale signs of spear-phishing attacks. And technology that blocks access to suspicious URLs within email and to malicious attachments can help neutralize any spear-phishing emails that slip past other defenses.