Everything You Need to Know About Spear Phishing

Everything You Need to Know About Spear Phishing

Spear phishing is a targeted type of phishing in which the scammer already knows some information about the victim.

In a phishing scheme, a victim is tricked into divulging information that can be used in a scam. Spear phishing is a targeted type of phishing in which the scammer already knows some information about the victim. 95% of enterprise network attacks involve a successful spear phishing attempt, and it’s a problem for individuals too.

So what’s the solution? Unfortunately, phishing attacks aren’t likely to go away anytime soon, and will continue to become more sophisticated. As such, the best line of defense is to know what to look out for and have your wits about you.

In this post, we’ll explain spear phishing with some examples, and show what you can do to prevent a successful attack.

What Spear Phishing Is

Spear phishing scams come in many flavors including brandjacking, in which scammers pose as businesses to dupe customers, and whaling, which targets company executives. They all have one thing in common: Unlike a run-of-the-mill phishing attempt, a spear phishing attack is targeted, and the scammer is armed with some knowledge about the victim.

This knowledge could be learned by various means such as a previous phishing attempt, a data breach, or social media. The lattermost can provide a ton of information, such as where one travels, eats, shops, banks, and more. The fraudster uses whatever information they have to earn the victim’s trust and obtain more information.

Spear phishing attempts often take place through email, but this isn’t always the case. Voice phishing (vishing) and SMS phishing (smishing) can also form part of a targeted attack.

To get a better idea of the types of spear phishing attacks making the rounds, we’ll look at a few examples:

  • Ubiquiti Networks Inc: A 2015 case saw this company swindled out of over $40 million in a case of CEO fraud. Employees thought senior executives were directing them to transfer funds from a Hong Kong subsidiary, but emails were actually fraudulent and funds were sent to the scammers.
  • Electronic Frontier Foundation (EFF): Another 2015 case involved a fake EFF website. Although it’s unclear who the targets were, the perpetrators capitalized on the trust placed in the EFF and duped victims into downloading keyloggers and other types of malware.
  • PayPal: PayPal users are popular targets of phishing attacks, with some being hit with more targeted emails that actually address them by name.

These are just a few of the large-scale scams that have been uncovered, but many smaller-scale schemes are in place at any given time, such as the impressive but fake Apple email below.

Bear in mind that messages might not always impersonate a company, and many spear phishing attempts can appear to come from individuals. For example, scam artists can easily pose as a friend or family member, or someone from the same local area or religious group.

How You Can Avoid Spear Phishing Scams

There really is no way to prevent perpetrators from attempting phishing scams, but businesses and consumers can defend against them. Here are the steps you can take:

  • Educate yourself: Alarmingly, 41% of people can’t identify a phishing email and 30 percent of all phishing emails in the US are actually opened. As an individual, you can educate yourself about what to look out for, and if you run a business, it’s a good idea to train employees in security awareness.
  • Use common sense: Look out for indicators that an email is fake, such as a misspelled company name or link text that doesn't match the link URL. Avoid clicking links and attachments in emails, and if you do land on a website, check for HTTPS in your browser’s address bar. Things like lack of an about page, outdated copyrights, or no contact information can be giveaways.
  • Don’t send personal information: This should fall under common sense, but it’s worth the extra emphasis. Businesses will rarely ask you to provide personal information over email, phone, or text message. Verify such requests using contact information from the actual company website.
  • Employ the use of tools: For businesses, tools like PhishDefender and Cofense can help prevent against successful phishing attempts. For individuals, spam filters can weed out many phishing emails. Additionally, password managers can detect phishing sites, as they’ll only autofill forms on known sites.
Spear phishing attacks are becoming more sophisticated, and it would be impossible to defend against every one. However, with a little education and a lot of common sense, you can help prevent

Featured

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.