Spear Phishing 101: What is it and how to avoid it?
Forensic Focus - February 2016
“Spear phishing” is a targeted, fraudulent email attack in which the victim is tricked by content that appears to come from a trusted source. Unlike bulk phishing, its goal is to obtain very specific information: financial details, personal information, passwords, or sensitive employee data. It is a common choice for cyber criminals who intend to steal assets, most often money and sensitive information. The full impact may not be immediately evident, because an attacker can hold on to stolen information and exploit it later against the victim’s personal or work-related affairs.
Who is the Target?
The most common targets are employees of an organisation. Spear phishing content is customised to the recipient to increase the chance that the attack succeeds. More elaborate attacks focus on employees in senior roles or with super-user privileges in key systems, because a single successful compromise there gives the attacker the most access.
How does Spear Phishing Work?
First, to convince a victim that their emails are legitimate, an attacker needs to understand the target’s role, privileges and ability to carry out the transaction the attacker wants. The attacker may obtain this by breaking into the organisation’s network, or, more easily, by searching public websites and social networking sites such as LinkedIn and Facebook. Any visible preferences and interests of the victim are extremely useful for making the lure convincing.
The attacker would then send emails which appear to be legitimate to the target. The content of the emails may offer rewards or request urgent sensitive information, such as passwords, access codes, and user IDs.
Some common forms of spear phishing are:
- Emails containing links to attacker-controlled websites that imitate a login page and record whatever the victim types (credential harvesting);
- Emails asking for authentication details, such as user names and passwords, supposedly needed to fix a fabricated problem;
- Emails with harmful attachments which compromise the user’s system by installing malware.
Once attackers have your sensitive information, they can use it to access your systems, communicate with people who trust you, initiate banking transactions or even create new identities in your name.
Our recent article Identifying emails that target businesses provides more information about recent sophisticated email scams to watch out for.
How can I Defend Myself against Spear Phishing Attacks?
Awareness – educating staff on the threat of spear phishing and what to look out for gives them the knowledge to recognise a potential attack. Awareness of these threats can significantly reduce the risk of a staff member becoming a victim. Staff should also exercise good email practices, including:
- Never revealing sensitive information (e.g. personal, health or financial information) in response to an email, regardless of who it appears to be from.
- Never clicking links in emails that lead to pages asking for personal or financial information; go to the site by typing its address yourself.
- Checking that the sender’s address is exactly right. A spear phishing address is often off by just one character (a swapped letter, a digit in place of a letter, or a trusted name placed in front of a different domain) and looks correct at first glance.
- Reporting suspect emails which may be spear phishing attempts against the organisation.
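The "off by one character" check above can be automated at the mail gateway or in a reporting tool. The following is an added example, not code from the article or its authors: it compares the sender domain in a From: header against a constructed list of trusted domains (the domain names and the confusable-character table are assumptions) and flags domains that are one edit away, that match once look-alike characters such as "rn" for "m" or "1" for "l" are folded, or that put a trusted name in front of some other registered domain.

```python
from email.utils import parseaddr

# Constructed list of domains the organisation trusts (example values, not from the article).
TRUSTED_DOMAINS = {"example.com", "example-bank.co.nz"}

# Confusable sequences attackers substitute to build look-alike domains.
# Folding both sides of a comparison through this table makes "exarnple"
# (r + n) compare equal to "example" (m), "examp1e" equal to "example", etc.
FOLD_PAIRS = [("rn", "m"), ("vv", "w")]
FOLD_CHARS = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})


def skeleton(domain: str) -> str:
    """Canonical form of a domain with confusable characters folded."""
    d = domain.lower()
    for src, dst in FOLD_PAIRS:
        d = d.replace(src, dst)
    return d.translate(FOLD_CHARS)


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and adjacent transpositions each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_sender(from_header: str) -> tuple:
    """Classify the domain in a From: header value.

    Returns (verdict, domain) where verdict is:
      'trusted'   - a trusted domain or a subdomain of one
      'lookalike' - one edit away from a trusted domain, identical to one
                    once confusables are folded, or a trusted name placed in
                    front of some other registered domain
      'unknown'   - none of the above (neither trusted nor obviously spoofed)
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unknown", "")
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact matches and genuine subdomains are checked first so that a real
    # "mail.example.com" is never reported as a look-alike of "example.com".
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", domain)
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted):
            return ("lookalike", domain)
        if edit_distance(domain, trusted) == 1:
            return ("lookalike", domain)
        # e.g. example-bank.co.nz.secure-login.net: the trusted name is only a subdomain label
        if domain.startswith(trusted + ".") or ("." + trusted + ".") in domain:
            return ("lookalike", domain)
    return ("unknown", domain)


if __name__ == "__main__":
    for header in ("Alice <alice@example.com>", "CEO <ceo@examp1e.com>",
                   "IT <helpdesk@exarnple.com>", "HR <hr@exampel.com>",
                   "Bank <alerts@example-bank.co.nz.secure-login.net>"):
        print(classify_sender(header))
```

A verdict of 'unknown' is not a clean bill of health; it only means the domain is not a near miss of one the organisation already trusts, so the other checks on this page still apply.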
Email Filtering – configuring the mail gateway and mail clients with rules that block spam is a first line of defence which can stop some spear phishing attempts. Sender authentication (SPF, DKIM and DMARC) lets the gateway check that mail claiming to come from a known domain actually originates from that domain’s authorised servers, so a message that fails these checks while claiming to be internal can be quarantined rather than delivered.
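As an added illustration of that filtering rule (not code from the article or its authors), the block below reads the Authentication-Results header that an inbound gateway stamps on each message, and quarantines mail that claims an internal domain but did not pass DMARC. The organisation's domain, the gateway's authserv-id ("mx.example.com") and the sample messages are all constructed for the example. It also shows a detail that matters in practice: only the header written by our own gateway is consulted, because an attacker can insert an Authentication-Results header of their own before the message arrives.

```python
import email
import re
from email.utils import parseaddr
from typing import Optional

# Assumptions for this example: the organisation's own domain and the
# authserv-id that its inbound gateway writes into Authentication-Results.
INTERNAL_DOMAINS = {"example.com"}
GATEWAY_AUTHSERV_ID = "mx.example.com"

# method=result pairs as written in an RFC 7601 Authentication-Results header
AUTH_RESULT_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|softfail|none|neutral|policy|temperror|permerror)\b",
    re.IGNORECASE,
)


def parse_auth_results(value: str) -> dict:
    """Map each authentication method to its result, e.g.
    {'spf': 'pass', 'dkim': 'fail', 'dmarc': 'fail'}.
    If a method appears more than once (several DKIM signatures), the last wins."""
    return {m.group(1).lower(): m.group(2).lower() for m in AUTH_RESULT_RE.finditer(value)}


def gateway_results(headers: list) -> Optional[dict]:
    """Pick the topmost Authentication-Results header stamped by our own gateway.
    Any other copy (including one an attacker added before the message arrived)
    is ignored. The gateway itself must strip inbound headers carrying its
    authserv-id on receipt, otherwise this selection can still be spoofed."""
    for value in headers:
        authserv_id, _, rest = value.partition(";")
        if authserv_id.strip().lower() == GATEWAY_AUTHSERV_ID:
            return parse_auth_results(rest)
    return None


def verdict(raw_message: str) -> str:
    """Return 'deliver' or 'quarantine' for a raw RFC 822 message."""
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    results = gateway_results(msg.get_all("Authentication-Results") or [])
    if from_domain in INTERNAL_DOMAINS:
        # Mail claiming to be from us must carry our gateway's verdict and pass DMARC;
        # no verdict at all means the message bypassed the gateway, so fail closed.
        return "deliver" if results and results.get("dmarc") == "pass" else "quarantine"
    if results and results.get("dmarc") == "fail":
        # External domain that publishes a DMARC policy and failed it: treat as spoofed.
        return "quarantine"
    return "deliver"


# Constructed sample messages (not real traffic).
LEGIT = """\
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com
From: Finance <finance@example.com>
To: alice@example.com
Subject: Q1 invoices

Please see the attached invoices.
"""

SPOOFED = """\
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=example.com;
 dkim=none;
 dmarc=fail header.from=example.com
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: CEO <ceo@example.com>
To: alice@example.com
Subject: Urgent wire transfer

I need this paid today, do not call me.
"""

BYPASSED = """\
From: IT Support <helpdesk@example.com>
To: alice@example.com
Subject: Password expiry

Your password expires today, log in here to keep it.
"""

EXTERNAL_OK = """\
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=supplier.example.net;
 dkim=pass header.d=supplier.example.net;
 dmarc=none header.from=supplier.example.net
From: Orders <orders@supplier.example.net>
To: alice@example.com
Subject: Order confirmation

Thank you for your order.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED),
                      ("bypassed", BYPASSED), ("external", EXTERNAL_OK)):
        print(name, verdict(raw))
```

The policy is deliberately narrow: it only makes decisions the gateway's own verdicts support, and it says nothing about a message from a look-alike domain that the attacker legitimately controls and has set up SPF and DKIM for, which is why the sender-address check and staff awareness remain necessary.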
Encryption and Signing – if only the sender and the recipient know a shared secret key, then a message authenticated with that key is difficult for anyone else to forge. Alternatively, if the email is cryptographically signed (for example with S/MIME or OpenPGP), the receiver can verify that the sender had access to the corresponding private key, which should only be in the possession of the legitimate sender. A valid signature proves possession of the key, not identity: the receiver must also confirm that the key belongs to the claimed sender, and the sender must keep the private key secure.
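To make the shared-secret case concrete, here is an added example (written for this page, not code from the article or its authors) that authenticates a message with HMAC-SHA256 over a canonical form of the protected headers and body. The header name "X-MAC", the set of protected headers, the secret and the sample message are all assumptions made for the example. The walkthrough shows a genuine message verifying, and a tampered copy, a forgery made with a guessed key, and an unsigned message all failing.

```python
import email
import email.policy
import hashlib
import hmac
from email.message import EmailMessage

# Assumptions for this example: the header that carries the tag and the set of
# headers it covers. Neither is a standard; both are chosen here.
TAG_HEADER = "X-MAC"
SIGNED_HEADERS = ("From", "To", "Subject", "Date")


def canonical_form(msg: EmailMessage) -> bytes:
    """Bytes the tag covers: the protected headers (name lower-cased, internal
    whitespace collapsed) followed by the body with line endings normalised and
    trailing whitespace removed. Both sides must compute exactly the same bytes,
    otherwise a genuine message fails verification after transit."""
    if msg.is_multipart():
        raise ValueError("this example covers single-part text messages only")
    lines = [f"{h.lower()}:{' '.join(str(msg.get(h) or '').split())}" for h in SIGNED_HEADERS]
    body = msg.get_content().replace("\r\n", "\n")
    body = "\n".join(line.rstrip() for line in body.split("\n")).rstrip("\n")
    return ("\n".join(lines) + "\n\n" + body).encode("utf-8")


def compute_tag(secret: bytes, msg: EmailMessage) -> str:
    return hmac.new(secret, canonical_form(msg), hashlib.sha256).hexdigest()


def sign(secret: bytes, msg: EmailMessage) -> str:
    """Attach an HMAC-SHA256 tag computed with the shared secret."""
    del msg[TAG_HEADER]
    tag = compute_tag(secret, msg)
    msg[TAG_HEADER] = tag
    return tag


def verify(secret: bytes, msg: EmailMessage) -> bool:
    """True only if a tag is present and matches. The comparison is constant
    time so an attacker cannot learn the correct tag byte by byte."""
    tag = str(msg.get(TAG_HEADER) or "").strip()
    if not tag:
        return False
    return hmac.compare_digest(compute_tag(secret, msg).encode(), tag.encode())


def parse(raw: str) -> EmailMessage:
    return email.message_from_string(raw, policy=email.policy.default)


def build_message(body: str) -> EmailMessage:
    """Constructed sample message (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = "Finance <finance@example.com>"
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Invoice 1042"
    msg["Date"] = "Mon, 01 Feb 2016 09:00:00 +0000"
    msg.set_content(body)
    return msg


def demo() -> dict:
    """Walkthrough: a genuine message verifies; a tampered copy, a forgery
    signed with a guessed key and an unsigned message do not."""
    secret = b"constructed-shared-secret"      # would be provisioned out of band
    msg = build_message("Please pay invoice 1042 to account 12-3456-7890123-00.\n")
    sign(secret, msg)
    raw = msg.as_string()

    forged = build_message("Please pay invoice 1042 to account 99-9999-9999999-00.\n")
    sign(b"attacker-guess", forged)            # the attacker does not know the secret

    return {
        "genuine": verify(secret, parse(raw)),
        "tampered": verify(secret, parse(raw.replace("12-3456", "99-9999"))),
        "forged": verify(secret, parse(forged.as_string())),
        "unsigned": verify(secret, build_message("hello\n")),
    }


if __name__ == "__main__":
    print(demo())
```

A shared secret has to be agreed with every correspondent separately and gives no non-repudiation (either party could have produced the tag), which is why deployed email signing uses public-key signatures such as S/MIME or OpenPGP; the verification discipline is the same, and so is the caveat that a valid tag proves nothing if the key has leaked.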
Anti-Spam Defences – phishing messages often originate from compromised computers or botnets. Anti-spam software and devices check the sending host against reputation lists and can identify mail relayed through known-compromised servers. Layering several independent spam detection services improves the chance that a spear phishing message is caught.
Patch and Update Software – most operating system and browser updates include security patches. A victim’s name and email address may be all an attacker needs to deliver an attachment or link that exploits an unpatched vulnerability, so operating systems, browsers, mail clients and security software should always be kept up to date.
It’s important to remember: Be careful with how much personal information you post online - you never know who might use it against you!
Please do not hesitate to contact Faris Azimullah or Anu Nayar if you would like to discuss the contents of this article, or if you would like more information about how to protect yourself from becoming a victim of spear phishing.