Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

What is Spear Phishing?

    • Updated:
    • 20 Sep 2018
    • Product/Version:
    • Deep Discovery Email Inspector 3.0
    • Deep Discovery Email Inspector 3.1
    • Deep Discovery Email Inspector 3.2
    • Hosted Email Security 3.0
    • ScanMail for Exchange 12.0
    • ScanMail for Exchange 12.5
    • ScanMail for IBM Domino 5.6 Linux
    • ScanMail for IBM Domino 5.6 Windows
    • Platform:
    • N/A N/A
Summary

Spear phishing is a phishing method wherein a specific targeted individual or groups of individuals are involved. Rather than going through a widespread distribution method, spear phishing is more of an isolated case. This method employs social engineering tactics to acquire the needed background information of the target. Espionage and impersonation may also be used in increasing the chances of the user to executing the task of opening the email and downloading the payload without suspecting the email or the sender itself as malicious.

Details
Public

Spear Phishing and Targeted Attacks

Spear phishing is typically used in targeted attack campaigns to gain access to an individual’s account or impersonate a specific individual, such as a ranking official or those involved in confidential operations within the company. Trend Micro researchers found that more than 90 percent of targeted attacks in 2012 were derived from spear phishing emails.

Spear phishing attackers perform reconnaissance methods before launching their attacks. One way to do this is to gather multiple out-of-office notifications from a company to determine how they format their email addresses and find opportunities for targeted attack campaigns. Other attackers use social media and other publicly available sources to gather information.

How to Defend Against Spear Phishing Attacks

No matter where you are in the organizational structure, attackers may choose you as their next spear phishing target to snoop inside an organization. Here are some best practices to defend against spear phishing attacks:

  • Be wary of unsolicited mail and unexpected emails, especially those that call for urgency. Always verify with the person involved through a different means of communication, such as phone calls or face-to-face conversation.
  • Learn to recognize the basic tactics used in spear phishing emails, such as tax-related fraud, CEO fraud, business email compromise scams, and other social engineering tactics.
  • Refrain from clicking on links or downloading attachments in emails, especially from unknown sources.
  • Block threats that arrive via email using hosted email security and antispam protection.
Premium
Internal
Rating:
Category:
Remove a Malware / Virus
Solution Id:
1121072
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.