Wednesday, July 17, 2013

What is Spear Phishing? I hope you don't think it involves shooting fish, cause it does not!

What is Spear Phishing?

You may be familiar with phishing attacks. These are emails
sent by cyber criminals to millions of potential victims around
the world designed to fool, trick or attack them. Usually, these
messages appear to come from a trusted source, such as someone
you may know. The emails often have an urgent message or deal
for you that is simply too good to pass up. If you click on the link
in a phishing email you may be taken to a malicious website that
attempts to hack into your computer or harvest your username
and password. Or perhaps the phishing email may have an
infected attachment—if you open the attachment it attempts to
infect and take control of your computer. Cyber criminals send
these emails to as many people as possible, knowing the more
people that receive the email, the more people will likely fall
victim.

While phishing is effective, a relatively new type of attack has
developed called spear phishing. The concept is the same:
cyber attackers send emails to their victim, pretending to be
an organization or a person the victim trusts. However, unlike
traditional phishing emails, spear phishing messages are highly
targeted. Instead of sending an email to millions of potential
victims, cyber attackers send spear phishing messages to a very
few select individuals, perhaps five or ten targeted people. Unlike
general phishing, with spear phishing the cyber attackers research
their intended targets, such as reading the intended victim’s
LinkedIn or Facebook accounts or any messages they posted
to public blogs or forums. Based on this research, the attackers
then create a highly customized email that appears relevant to the
intended targets. This way, the individuals are far more likely to
fall victim to the attack.

Effectiveness of Spear Phishing

Spear phishing is used when the cyber attacker wants to specifically
attack you or your organization. Instead of simple criminals out
to steal money, attackers who use spear phishing have very
specific goals, usually accessing highly confidential information
such as corporate business secrets, plans for sensitive technology
or confidential government communications. Or perhaps your
organization was targeted simply as a stepping stone to gain access
to another organization. Such attackers stand much to gain, and
they are willing to invest the time and effort to research their targets.

For example, a criminal entity may decide that your organization
holds personal customer information that is key to their economic
success and they begin to target you. They research your
organization’s website and identify three key individuals. These
attackers then research the LinkedIn, Twitter and Facebook pages
of those three individuals and create a complete dossier on them.
After analyzing these targeted individuals, the attackers then
create a spear phishing email pretending to be a supplier that your
organization uses. The email has an attachment pretending to be
an invoice, when in reality it is infected. Two of the three targeted
individuals are tricked by the spear phishing emails and open the
infected attachment, giving the criminal entity total access to their
computers and, ultimately, all of your organization’s customer data
and corporate strategic plans, which they will now exploit.

Spear phishing is a far more dangerous threat than simple phishing
attacks, as the attackers are crafting an attack specific to you or
your organization. Not only does this increase the chances of the
attacker’s success, but these attacks are far more difficult to detect.

Protecting Yourself

The first step to protecting yourself against these targeted attacks
is to understand that you may be a target. After all, you and your
organization possess sensitive information that someone else
might want, or that can be used to access another organization that is
the attacker’s ultimate goal. Once you understand that you could
be targeted, take the following precautions to safeguard yourself and
your organization:

• Limit the information you post about yourself on sites such as mail
forums, Facebook or LinkedIn. The more personal details
you share, the easier it is for cyber attackers to craft a spear
phishing email that appears relevant and genuine.

• If an email that asks you to open an attachment or click a
link appears suspicious or requests sensitive information,
verify the message. If the email appears to come from a
company or a person you know, use the contact details you
already have on file to contact the sender and verify that
they sent you the message.

• Support IT Computer Specialist security efforts by following the
appropriate security policies and making use of the security
tools that are available to you, such as antivirus,
encryption and patching.

• Remember, technology cannot filter and stop all email
attacks, especially spear phishing emails. If an email
seems a bit odd at first, read through it carefully. If you are
concerned that you may have received a spear phishing
email or fallen victim to a spear phishing attack, contact
IT Computer Specialist immediately.

Computer Security Services - Stuart - Port St Lucie - Jupiter
