What is Spear Phishing & How to Spot a Spear Phishing Attack
Michelle Wilson - November 1, 2021
Imagine you get an email from your boss during the last hour of work on Friday. He’s emailing you because he’s in a desperate situation, and only you can help. He needs you to access some documents and retrieve some information about the new company they’re soliciting to prepare for his meeting with them that’s happening in twenty minutes. The email address has his name and the company name in it, and you want to get in good with your boss, so you comply. Disaster averted. Right? Wrong.
A spear phishing is similar to a phishing attack where a person or organization is sent an email that looks to be from a trusted source but is actually from a cybercriminal. However, unlike phishing, spear phishing isn’t carried out by random attackers. Rather, spear phishing is a targeted attack by perpetrators seeking trade secrets, military information, or to gain specific finances.
Additionally, with spear phishing, the criminal usually pretends to be someone within your company. This is because most enterprise employees know to be suspicious of any unexpected requests for confidential information. Furthermore, they’re taught not to give out personal data in response to emails or click on links in messages unless they know the source of the email personally. However, with a spear phishing attack, the source appears to be known and trusted. Also, the information in the message will support the fact that the recipient knows the source by using personal details. Lastly, the request being made seems reasonable.
Table of Contents
How Does Spear Phishing Work?
Intimate knowledge is the crux of spear phishing. Using information from the internet, social networks, and social media sources, attackers can establish familiarity with their targets, convincing them that they’re who they’re pretending to be. In this way, they’re able to create a personalized message that appears authentic. As a result, the target is open to responding to the sender’s request.
Depending on what the attacker hopes to accomplish, they may ask the target for a direct email response, click on a link, or open an attachment. The link will send the person to a website designed to trick them into sharing sensitive information such as credit card information or passwords. The attachment, once opened, will usually install malware on the target’s device.
Phishers are experts at utilizing the innocuous pieces of information shared on social media to target their victims. However, not everyone on social media is a potential target. Spear phishers are seeking information about individuals of high value. They want people who either have a great deal of money or access to information that will lead to the acquisition of a great deal of money.
To find people of high value on social media, spear phishers utilize sophisticated machine learning algorithms that study text patterns and other details shared on social media sites. This technology then narrows down the options for spear phishing targets to a set of individuals who are the closest match for the kind of target the spear phisher wants.
After a target has been found, the spear phisher will send them an email that convinces them to act to give the phisher the information they need.
How to Spot a Spear Phishing Attack?
Spear phishing attacks use personal details in their messages to convince targets that they are who they claim to be. As a result, spear phishing techniques are harder to identify than phishing attacks. Nonetheless, a few common characteristics of phishing emails can help you identify spear phishing emails. These are:
- The sender’s email address is not the one you usually receive mail from. It looks similar to the email of the person you know, but you realize it’s not the same when looked at closely. For example, the domain is different, or there’s a typographical error. If this is the case, then the email has been spoofed.
- The sender is in a rush and needs you to accomplish a task quickly because it’s a matter of great urgency. Attackers usually create a sense of urgency to motivate the target to act quickly without thinking things through. This urgency also makes the target feel useful, which is a good motivator as well.
- The sender uses poor grammar, has typos, and uses language that they don’t normally employ. The tone may be too formal or informal, or the jargon might be incorrect for the recipient’s geographic location or industry.
Examples of Spear Phishing Attacks
A spear phishing attack will usually appear as an email from a sender you know. The attacker will have included contact information for the company and mimicked the company website or web pages.
The message will appear authentic because the perpetrator uses details that make it seem like the email is coming from someone within the company who might reasonably request confidential information, such as the network administrator.
The email will require the employee to log in to a bogus page where they have to enter their username and password or click on a link to download spyware or another malicious programming onto their computer.
This exact situation happened in December 2020 to Elara Caring, a US healthcare provider. The spear phisher targeted two employees and managed to access their email accounts, obtaining names, birthdates, financial and banking information, Social Security numbers, driver’s license numbers, and insurance information belonging to over 100,000 elderly patients.
What’s the Difference Between Spear Phishing and Phishing?
Spear phishing and phishing have the same objective; however, spear phishing attacks are more targeted. Phishing emails are sent to a large group of people, whereas spear phishing emails are sent to a specific group of people or individuals. Because spear phishing is targeted, the attackers can include personal information such as the target’s name and job title, making their malicious emails seem trustworthy.
How to Protect Yourself from Spear Phishing Attacks?
Although spear phishing attacks represent a significant threat, there are things that businesses and their employees can do to make it more difficult for spear phishers to execute a successful attack.
- Restrict the amount of personal information you share on social media and other websites.
- Employ security software. Defend your computer and smartphone by installing automatic security updates.
- Before clicking on a link in an email, hover your cursor over the link to view the URL. This will allow you to determine whether the URL matches the link’s anchor text and the email’s stated destination. If it doesn’t line up, don’t click it.
- Use multifactor authentication so that you’re required to supply two or more credentials when logging into an account. This way, if a criminal does get your username and password, it will be harder for them to get into your account.
- Reach out to the email sender through a separate communication channel to confirm that the request came from them.
- Create a backup of your computer and phone data. Copy your computer files to cloud storage or an external hard drive. This way, if they become compromised in a phishing attack, you can recover them.
- Employ analytics to perform an assessment of at least 12 months of company inbound email history. Analytics software inspects email content, tracks suspicious email traffic to specific user areas or users, and assesses user behavior within emails. As a result, this historical data allows companies to determine how best to improve security.
- Train employees in security awareness. Providing employees and executives with training on how to spot phishing emails will reduce the likelihood of someone falling for a spear phishing email. Furthermore, employees should be made aware of how to report suspicious emails to the IT security team.
- Perform an outside audit to assess how internal employees behave with critical information and IT assets. This audit will expose any holes incorporate security and employee security behavior to remedy vulnerabilities.