We touched on phishing in last month’s Information Security E-newsletter, but this month we are taking a deep-sea dive into spear phishing and why it can be so dangerous, yet so effective.
According to Oxford Languages, spear phishing is formally defined as “the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.”
While regular phishing relies on generic, non-targeted attacks, spear phishing attackers conduct extensive research on their victims and send them emails that appear to come from a trusted colleague, family member, friend, or even bank. Spear phishing emails will typically divulge personal information about the sender to ease any suspicion, and give a specific action item to create a sense of urgency.
Here’s where it gets dangerous: You are the target. In many cases, the cyber-attacker has gained unauthorized access to the email account of an individual you know and trust (such as your accountant, a vendor or a professional organization to which you belong). The fraudster then targets you with specific emails using a similar communication style that imitates the legitimate sender. The goal of the cyber-attacker is to put you at ease with an email appearing to be from someone you know and trust so that they can convince you to open an attachment, click on a link or provide information that would further facilitate other malicious activity.
So how can you detect spear phishing emails? Easy giveaways include:
- The email will be time sensitive and encourage you to act quickly.
- The email may ask you to click on a link or attachment.
- The email may ask for user names and passwords, or other private information. It may also include one or more pieces of information to put you at ease so that you will be more likely to fill in the details the cyber-attacker does not yet have.
- The email may request funds transfers or make other requests that would result in the transfer of funds.
You have a vital role when it comes to cyber security. While BankOnIT uses a multi-layered approach to security that includes a variety of technical solutions designed to stop a wide and ever-evolving array of cyber threats, your awareness of cyber security and your exercise of caution are key to maintaining a secure network environment.
Copyright © 2020 BankOnIT, L.L.C.