Spear phishing is a targeted email attack on an individual. In a spear phishing attack, cyber criminals use research gathered from social media and a user's online web presence to craft an email that appears to come from a friend or trusted colleague. The email may ask the user to share sensitive information, divulge credentials or to take some other action.
Spear phishing is designed to take advantage of a user's trust in the source of an email to get sensitive information that may allow hackers to steal identities, access financial accounts or breach corporate security.
Spear phishing attacks have led to devastating consequences for companies in a wide variety of industries. Every month, the headlines chronicle the latest successful attack, and IT teams everywhere resolve to implement anti phishingdefenses to avoid becoming the next victim.
Here's a brief tutorial on "What is spear phishing?" that provides some answers and phishing tips.
Spear phishing is a more targeted version of a phishing scam. A phishing attack typically targets a wide number of users with email that comes from a seemingly trusted source like a bank, credit card company or another business that many users interact with.
CEO fraud phishing, also known as whaling, is an even more targeted attack where email appears to come from the organization's chief executive or another C-suite address like the CFO or CIO. These attacks typically ask the user to transfer money to an account or vendor that turns out to be fraudulent, or to share credentials that allow hackers to access the corporate network.
Successful phishing attacks can cost a company millions of dollars, lead to fines and legal action, and result in a loss of revenue, customer trust and business opportunity.
Employees can help prevent attacks by learning how to spot phishing attempts. The first step is often to watch out for links, email addresses and domains that don't match or that contain anomalies, and to stay away from opening any attachment unless the user is absolutely certain it's legitimate. Bad grammar and poor spelling are also signs of a potential fraudulent email, as is language that threatens the user unless they take urgent action.
Mimecast provides anti phishing software as part of an integrated suite of email management services for security, archiving, continuity, backup and recovery, and compliance. Mimecast's cloud-based solutions are offered as SaaS-based services, enabling organizations to rollout spear phishing prevention measures immediately.
Learn more about spear phishing and Mimecast's solutions to prevent it.
What is spear-phishing?
Spear-phishing is a type of cybercrime where attackers use email that appears to be from a trusted, legitimate source to dupe a recipient into revealing financial account numbers, login credentials or other sensitive information. Spear-phishing attacks are highly targeted and create trust by using personal details about the recipient’s friends, family, employer, background or interests that are gleaned from social media or other online sources.
How does spear-phishing work?
To launch a spear-phishing attack, attackers learn as much as they can about their target from a variety of sources, including social media accounts. Attackers then send a fraudulent email that appears to be from a trusted source and encourages the recipient to take an action such as opening an attachment or clicking on a link that takes them to a spoofed website where they are asked to enter passwords, account numbers, access codes or other personally identifiable information. The attackers can then use that data to steal money, identities or information.
What are the characteristics of spear-phishing emails?
A spear-phishing email is likely to have one or more of the following clues that the email is fraudulent:
What is the difference between phishing and spear-phishing?
Phishing attacks are similar to spear-phishing in that they attempt to get targets to reveal sensitive information. But while spear-phishing is a highly targeted attack on a specific person, phishing attacks cast a much wider net and not personalized to individuals.
How to stop spear-phishing attacks?
Security awareness training can help users to more effectively identify and avoid spear-phishing emails. Email filtering technology can block suspicious email with header anomalies, malicious links and other telltale signs of spearfishing attacks. And technology that blocks access to suspicious URLs within email and to malicious attachments can help neutralize any spearfishing emails that slip past other defenses.