Provide security to your organizations and employees from spear-phishing attacks with the Mimecast spear-phishing prevention service.
A spear-phishing attack is a type of cybercrime where attackers send emails that appear to be from a known or trusted sender. The email is designed to convince an individual to share sensitive information or take action that allows attackers to steal data or money, to access accounts or to download malware. While a phishing attack is directed at a broad number of people, a spear-phishing attack is highly targeted to one or more individuals.
There are several ways to spot and prevent a spear-phishing attack. A spear-phishing email may include:
Spear-phishing comes in many forms, as fraudsters work across email and other communications channels to steal from your company. Cybercriminals often collect background information such as company email addresses and the names and job titles of targets from openly available databases and social networks to make their messages more credible; they also build fake websites to collect private information such as passwords and credit card numbers. It can be extremely detrimental to any organization to have sensitive information leaked via spear-phishing.
Successful spear-phishing attacks can lead to monetary losses, loss of intellectual property, brand reputational damage and more. By following these 5 best practices for spear-phishing prevention, organizations can put their best foot forward to prevent these potentially crippling attacks.
As more and more organizations are experiencing advanced targeted attacks, companies everywhere are seeking the most effective forms of spear phishing protection.
Spear phishing attacks trick users into revealing confidential information by sending an email that appears to come from a trusted source – a colleague, a supervisor or the finance or HR department. Hackers may include information in the subject line or content that shows knowledge of a user's company or industry. On highly targeted attacks, hackers may even use information gleaned from social media accounts to gain the user's trust before asking for sensitive data, credentials or financial transfers, as is the case in a wire transfer phishing attack.
To improve spear phishing protection, many organizations have attempted to educate users about the dangers of these emails, but nearly one-quarter of all phishing-based messages are still opened. And with more than 90% of all hacking attacks today starting with a phishing or spear phishing email, it's clear that companies require superior spear phishing protection to safeguard users, revenue and reputation.
As phishing and spear-phishing attacks continue to become more prevalent, organizations are seeking advanced solutions to prevent spear phishing and other targeted threats.
Spear phishing is a variation on email phishing scams that seeks to entice users to click on a malicious URL in an email that appears to come from a trusted source. Attackers may use spoofed Internet addresses or domain names, as well as social engineering techniques to fool employees into trusting the content of an email.
The risks are significant. 1More than 91% of hacking attacks today began with a phishing or spear-phishing email and roughly 23% of phishing emails are open by employees even after they have received training to spot potential fraudulent messages.
To prevent spear phishing and other targeted threats, Mimecast provides a leading email security service to stop phishing emails from infiltrating corporate email infrastructures.
In a spear-phishing attack, attackers use details about an individual, typically from online profiles or social media accounts, to convince the individual that an email is from someone they know trust. In the email, the recipient is asked to open an attachment or click on a link that takes them to a spoofed website where they are asked to enter sensitive information like passwords, account numbers, credit card details and other data that attackers can use to access accounts or steal an identity. A spear-phishing attack may also download malicious software to the recipient’s computer which can be used to inflict further damage.
Mimecast Targeted Threat Protection provides:
Learn more about stopping a spear-phishing attack with help from Mimecast and about Mimecast's secure email gateway and other secure email solutions.
Spear-phishing emails can be reported to a number of organizations dedicated to helping to prevent spear-phishing attacks. These include the Federal Trade Commission (www.ftc.gov/complaint), the Cybersecurity and Infrastructure Security Agency (email@example.com) and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing). Users should also report spear-phishing emails to their company’s IT department, to the sender that the email is impersonating, and to the email provider who can take steps to adjust anti-malware and anti-spam filters to more effectively prevent spear-phishing attacks.