Spear Phishing Attack

Spear Phishing Attacks

Nowadays phishing attacks are very common. There are many types of phishing attacks and spear phishing is one of them. Spear phishing is a common type of phishing attack. In this article, we are going to discuss spear-phishing – spear-phishing definition, how spear-phishing works? What helps protect from spear phishing?   

 

Spear Phishing Definition

Spear phishing is a cyber attack that uses personal information to target an individual. The attack comes in the form of an email often stating that someone you know or even a company is in business with these attackers, whether they use the information you post on social media. Such as where you work, where you shop and bank, and who you are associated with.

 

In our previous article, we discussed how to prevent from email phishing scams. if you are interested check it out. 

 

How Does Spear Phishing Work?

This is an example of how criminals plan and execute cyber-attacks. First, they research publicly available information and the company’s website. From the company website, the criminals gathered information about the company culture and the people who work there they created a fake social media profile and connected with employees from the target company.

They used these connections to build an email list. They wrote an email that offered the chance to take part in a draw to win $350. They appeared to come from Jenny Moore (business development manager).

Can you see anything wrong with Jenney’s address?

It’s not Jenney’s email address. They used one which looks like hers but there’s an ‘n’ instead of an ‘r’ (very hard to spot) they used the names and email addresses they’d gathered and send personal emails. The tone and style of the website were reiterated in the email. To enter the draw they had to log in and agree to the terms and conditions. They had to log in to access the terms and conditions the sign of the page is a copy of the company’s page like the email; the URL is one letter different from the real one.

 

When lily logs in, the criminals will have her password. Lily was instructed to download the terms and conditions and enable macros. Enabling macros allows the full malware to be downloaded and installed. The criminals now access the network and do all sorts of damage.

 

What Helps protect from Spear Phishing?

1. Don’t use the same password on multiple websites

2. Be mindful of the information you share on social media.

3. Keep in mind most companies don’t request personal information via email if in doubt give them a call but don’t use phone numbers and email as that’s usually phony as well.   

4. Hover over the link in the email with your mouse to make sure it’s the legitimate company site.

5. User a reputable web and email filter and these can stop the attack before it even gets to you.

6. Look for typos or anything that just doesn’t seem right about the email and trust your intuition ultimately you are the best line of defense.

7. Use strong and smart passwords.

8. Don’t click on the phishing email.

9. Educate your employees to protect against spear phishing.

10. Block email address to protect spear phishing.

11. Provide information on the trusted site.

12. Check the site carefully before providing the sensitive information to the site.

Leave a Reply

Also Read


Join GraspHack Family!

We will never spam you.

Be a part of our ever growing community.