Spear phishing attack

Prevent a spear phishing attack with Mimecast.

Prevent a spear phishing attack with Mimecast.

A spear phishing attack is an email-based threat seeking to dupe employees with email messages appearing to come from a trusted source. A spear phishing attack may attempt to get an employee to divulge credentials or other confidential information, or convince them to click on a malicious link, open a weaponized attachment or visit a malicious website.

The vast majority of hacking attacks today begin with a phishing or spear phishing attack. The damage from phishing threats can be devastating, costing your organization millions of dollars in disruption to business, damage to reputation and loss of customer confidence and loyalty.

Mimecast secure email services provide a critical defense to protect against a spear phishing attack as well as other advanced threats, viruses, malware, spam and data loss. With Mimecast's cloud-based secure email service, you can achieve always-on and always up-to-date protection eliminating the cost and complexity of traditional email security solutions.

Targeted Threat Protection mitigates a spear phishing attack.

Mimecast targeted threat protection provides critical defenses against the two most common forms of a spear phishing attack: malicious links and email and weaponized attachments.

Targeted Threat Protection – URL Protect provides real-time scanning of all URLs in incoming email as well as archived emails. When a link in an email is clicked, the destination website is scanned in real time for potential threats before it's opened in the user's browser. Mimecast opens safe sites normally, while blocking access to suspicious sites and displaying a warning page. URLs are scanned on every click to protect against a scenario where a URL that was safe on the first click is compromised at a later date. This kind of wholesale protection provides greater security than attempting to identify and isolate a single spear phishing attack.

Targeted Threat Protection – Attachment Protect neutralizes the threat from a weaponized or malware-containing attachment. Every attachment is preemptively sandboxed and checked before being delivered to employees. Mimecast also offers an optional transcription service that automatically converts attachments into a safe format to eliminate any malicious code.

Tools for stopping a spear phishing attack.

Mimecast Targeted Threat Protection provides:

  • Comprehensive protection against a spear phishing attack without requiring additional infrastructure or IT overhead.
  • Instant protection for all devices with no disruption to users.
  • Fast implementation and activation through Mimecast's cloud platform.
  • Granular reporting for real-time threat analysis.

Learn more about stopping a spear phishing attack with help from Mimecast and about Mimecast's secure email gateway and other secure email solutions.

FAQ: Spear Phishing Attack

FAQs: Spear Phishing Attack

What is a spear-phishing attack?

A spear-phishing attack is a type of cybercrime where attackers send emails that appear to be from a known or trusted sender. The email is designed to convince an individual to share sensitive information or take action that allows attackers to steal data or money, to access accounts or to download malware. While a phishing attack is directed at a broad number of people, a spear-phishing attack is highly targeted to one or more individuals.

How does a spear-phishing attack work?

In a spear-phishing attack, attackers use details about an individual, typically from online profiles or social media accounts, to convince the individual that an email is from someone they know trust. In the email, the recipient is asked to open an attachment or click on a link that takes them to a spoofed website where they are asked to enter sensitive information like passwords, account numbers, credit card details and other data that attackers can use to access accounts or steal an identity. A spear-phishing attack may also download malicious software to the recipient’s computer which can be used to inflict further damage.

How to recognize a spear-phishing attack?

Because a spear-phishing attack is highly targeted to a specific individual, it is much more difficult to spot than other email-borne threats. Some of the things to look for include:

  • A sender email address where the domain does not match the domain of the company the sender claims to be from.
  • A link within the email that, upon inspection, would take the user to a website that’s different than the website listed in the text of the email.
  • A request for information that is not usually shared via email.
  • An email format that looks different than the messages usually received from sender.
  • Suspicious files or unexpected invoices attached to the email.
  • Content, language or requests within the email that are unusual or out of character for the sender, or that contain urgent language suggesting the recipient should act quickly.

What to do during a spear-phishing attack?

If you suspect you have fallen prey to a spear-phishing attack – if you’ve already clicked on a link, opened an attachment or provided sensitive information – you should immediately:

  • Disconnect your computer from the Internet to stop any malware from being installed on it.
  • Immediately let your supervisor and your IT department know what happened so they can take steps to minimize the damage.
  • Perform a scan for malware or viruses on your computer that might have been downloaded during the attack.
  • Change your login credentials – including passwords and usernames – on any accounts that may be in jeopardy, based on the information that you shared with the attackers.
  • Report the spear-phishing attack to the Federal Trade Commission (ftc.gov/complaint), the Cybersecurity and Infrastructure Security Agency (phishing-report@us-cert.gov) and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing).

How to avoid a spear-phishing attack?

Avoiding a spear-phishing attack usually involves a variety of preventive measures.

  • Security awareness training can help users spot the indicators of a potential spear-phishing email and to know what to do when they are under a spear-phishing attack.
  • Strong anti-malware and anti-spam protection can help to filter out potential attacks as they into the network, before they reach the mailboxes of users.
  • Solutions for DNS authentication that use DMARC, SPF and DKIM protocols can help to identify and stop potential spear-phishing attack
  • Technology that scans and filters all email can prevent a spear-phishing attack by blocking users from clicking on malicious links, opening dangerous attachments, and by blocking or quarantining email that may be using social engineering techniques to impersonate a trusted source.
  • Two-factor authentication protocols for login credentials can prevent attackers from accessing accounts with information they’ve stolen from an individual in a spear-phishing attack.