Spear phishing is a phishing method wherein a specific targeted individual or groups of individuals are involved. Rather than going through a widespread distribution method, spear phishing is more of an isolated case. This method employs social engineering tactics to acquire the needed background information of the target. Espionage and impersonation may also be used in increasing the chances of the user to executing the task of opening the email and downloading the payload without suspecting the email or the sender itself as malicious.
Spear Phishing and Targeted Attacks
Spear phishing is typically used in targeted attack campaigns to gain access to an individual’s account or impersonate a specific individual, such as a ranking official or those involved in confidential operations within the company. Trend Micro researchers found that more than 90 percent of targeted attacks in 2012 were derived from spear phishing emails.
Spear phishing attackers perform reconnaissance methods before launching their attacks. One way to do this is to gather multiple out-of-office notifications from a company to determine how they format their email addresses and find opportunities for targeted attack campaigns. Other attackers use social media and other publicly available sources to gather information.
How to Defend Against Spear Phishing Attacks
No matter where you are in the organizational structure, attackers may choose you as their next spear phishing target to snoop inside an organization. Here are some best practices to defend against spear phishing attacks:
- Be wary of unsolicited mail and unexpected emails, especially those that call for urgency. Always verify with the person involved through a different means of communication, such as phone calls or face-to-face conversation.
- Learn to recognize the basic tactics used in spear phishing emails, such as tax-related fraud, CEO fraud, business email compromise scams, and other social engineering tactics.
- Refrain from clicking on links or downloading attachments in emails, especially from unknown sources.
- Block threats that arrive via email using hosted email security and antispam protection.