Email Security Blog

(Enterprise) Protect Yourself from the Top Spear Phishing Scams

Agari March 29, 2016 BEC
Fallback Featured Image

Snapchat and Seagate are just two of the latest companies to have fallen victim to spear phishing campaigns within the last month. As this highly-targeted approach to cyber attacks continues to claim enterprise victims, we take a look at some of the top spear phishing campaigns that companies are experiencing.

The Data Grab

Spear phishing isn’t always driven by criminals asking someone in Finance to transfer funds. Take the recent Snapchat attack where an employee in the payroll department was targeted by a dedicated phishing scam. A scammer impersonated the CEO asking for employee payroll information. Confidential payroll details about current and former employees were then mistakenly disclosed. Once equipped with this information, criminals have enough information to commit identify fraud – taking out credit in someone else’s name or even filing a phony tax return to get a tax rebate or refund.

Targeting System Admins

Increasingly IT is becoming a top-target for stealthy attackers looking to break into systems. For example, a phisher might pose as an executive and send an email asking for VPN credentials or server passwords. Often they will follow-up on this initial interaction with a fraudulent telephone call designed to add credibility and increase their success rate. Whereas criminals previously went after the consumer, now they are targeting big businesses and looking for new ways to sneak past their security measures in order to make money.

Business Email Compromise

The most publicized type of spear phishing is when someone in your Finance team receives an email instruction from the CEO letting them know that they need their support with a time-sensitive and confidential deal. The email address checks out so the Finance Controller replies and a dialogue is started that establishes rapport and trust. Then comes a clear directive to wire money to a specific bank account. Since most executives are reliant on email, there’s no phone call to confirm the transaction or secondary check so money is sent to an illegitimate account. Business Email Compromise has netted criminals $2 billion according to the Internet Complaint Center and affected 12,000 businesses worldwide in the last 18 months.

Protecting The Enterprise

Ultimately, no email should be sufficient to move money and no one person should be able to initiate and approve a wire transfer. Savvy organizations need to ensure that there is a mixture of inbound and outbound channels that can be used to verify any request for confidential or financial information.

Today’s businesses have to exercise a degree of caution by using tools like Agari Enterprise Protect to alert organizations to suspicious emails, regularly training employees and having robust processes in place. With the right approach, enterprises can restore trust in the inbox and prevent their business from being victims of carefully engineered and targeted attacks.


Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

July 9, 2019 John Wilson

BEC: Just Defend Against Business Email Compromise or Strike Back?

With losses from business email compromise rising fast, the active defense movement is generating buzz—but…

Agari Blog Image

June 11, 2019 Jim Routh

The Fight Against Cybercrime and BEC

Email has long been the number-one vector for cyberattacks, and remarkably, it is escalating quickly.…

Agari Blog Image

May 13, 2019 Crane Hassold

Quick, Urgent, Request: Agari Research Reveals Top Ten Subject Lines Used for BEC

You likely have a fraudulent email from a business email compromise (BEC) scammer sitting in…


January 15, 2019 James Linton

New Trend Sees BEC Gangs Focus on Executives for Payroll Diversion Scams

Human resources departments are the epitome of task ownership, carefully and efficiently connecting an organization’s…

California Fires

November 20, 2018 James Linton

Hostile Landscape of Email Threats Leverages California Wildfire Tragedy

California has witnessed its most deadly and destructive wildfire on record during the month of…

mobile image