While “phishing” has entered the vocabulary of most email users, the concept of a spear phishing attack remains more elusive to the general public. It is a rarer type of cyber attack, but this increasingly dangerous form of email crime deserves attention. Both the FBI and the U.S. Secret Service have warned that 2015 could be the “year of spear phishing” – in June, the U.S. Secret Service issued a bulletin warning that it is seeing a “significant increase in the frequency, sophistication, and fraud losses” associated with the rise of spear phishing attacks.
So what exactly is spear phishing and why is it progressively rearing its ugly head?
Where phishing scams involve a broad and varied range of targets, spear phishing homes in on a specific group, organization or even person. It is a very targeted email scam whose sole purpose is to obtain unauthorized access to sensitive data. This could be theft of intellectual property, financial data, trade or military secrets – generally high-value, confidential data.
Like phishing, spear phishing is an attack typically carried out via email, and could be sent with either a malicious attachment or a link to a malicious website. However, spear phishing emails are much more targeted, counting on familiarity to succeed. Spear phishers are much more sinister than phishers – for example, they will likely know enough about you to personalize the greeting to “Hi [First Name]” instead of “Dear Sir”. Cyber criminals may know details such as where you work, or have information about your recent online purchases. Referencing these details in their email makes the message seem legitimate, making the victim more likely to give up the information the attackers are after.
Watch the video below to learn more about email fraud from Agari’s Field CTO, John Wilson.
With the growing availability of platforms through which attackers can leverage personal information, such as social media sites, potential victims are increasingly easy to identify and target.
As hackers continue to launch more sophisticated spear phishing attacks, deployment of the DMARC standard for email authentication will only grow as organizations look to reduce the potential for email-based abuse. DMARC can help stop criminals spoofing a brand’s own domains and combat spear phishing by identifying and blocking fake emails that appear to be from trusted and even internal email delivery domains.
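How a receiving mail server decides that a message claiming to come from a DMARC-protected domain is fake, as an added example (not from the original article or from Agari): a simplified RFC 7489 alignment check in Python. The domains, the sample record and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example: simplified DMARC evaluation. All domains below are constructed.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # The v tag must come first and must be exactly DMARC1.
    if list(tags)[:1] != ["v"] or tags["v"] != "DMARC1":
        return None
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real receivers
    # consult the Public Suffix List (needed for suffixes such as .co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if auth_domain is None:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(from_domain, record_txt, spf_domain=None, dkim_domain=None):
    """Return 'pass', 'no-policy', or the disposition the domain owner requested.

    from_domain: domain in the visible From: header.
    spf_domain:  MAIL FROM domain that passed SPF, or None if SPF did not pass.
    dkim_domain: d= domain of a DKIM signature that verified, or None.
    """
    policy = parse_dmarc(record_txt) if record_txt else None
    if policy is None:
        return "no-policy"  # the From: domain publishes no DMARC record
    if (aligned(from_domain, spf_domain, policy.get("aspf", "r"))
            or aligned(from_domain, dkim_domain, policy.get("adkim", "r"))):
        return "pass"
    # Authentication that passed for some other domain does not count.
    return policy.get("p", "none")
```

A message only passes when SPF or DKIM succeeded for a domain that matches the visible From: domain, which is why mail authenticated for an unrelated sending domain is still rejected, and why a domain with no published record gets no protection at all.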
Anyone who wants to take a proactive approach to eliminating all types of malicious email, including spear phishing, should investigate and implement DMARC in order to protect their business.