Spear phishing is a personalized phishing attack that targets a specific organization or in dividual. These attacks are carefully designed to elicit a specific response from a specific target. Attackers invest time in researching their targets and their organizations to craft a personalized message, often impersonating a trusted entity. All this makes the message look trustworthy to the recipient.
To increase success rates, these attacks often convey a sense of urgency to get their victims to react. They may be asked to wire money right away, to open malicious attachments, or to click on a link that takes them to a phishing site that requires them to provide login credentials or other sensitive data.
The data gathered can be used to access existing business or personal accounts with fraudulent intent.
- Business Email Compromise (BEC): This is also known as CEO fraud, whaling, and wire transfer fraud. In a BEC attack, criminals impersonate an employee, usually an executive or manager, within the organization. Using convincing details and giving plausible reasons, they instruct their targets—who are often employees with access to company finances or personal information—to wire money or to send sensitive data such as financial information about customers, employees, or partners. These attacks utilize social engineering and compromised accounts, and they typically include no malicious attachments or links.
- Impersonation: This includes a large number of spear-phishing attacks that impersonate a trusted entity such as a well-known company or a commonly used business app such as Office 365, Gmail, or DocuSign. They may also impersonate a trusted colleague or business partner. These attacks typically try to get recipients to give up account credentials or click on malicious links. For example, you might receive an email claiming your account has been frozen and giving you a link to reset your password. If you click, you’ll go to a fake portal and enter your credentials—and now the crooks have unfettered access to your account. They can They can use that access to steal confidential data, conduct financial fraud using your account, or launch a more targeted attack within your organization.
The most common goals of spear-phishing attacks include:
- Requesting a wire transfer
- Requesting sensitive or proprietary information
- Spreading malware or ransomware
- Stealing account login credentials
- Taking over corporate acocunts
Traditional email security relies on reputation analysis, blacklists, and signature-matching of malicious attachments and URLs. Spear-phishing attacks are carefully designed to pass these checks and go undetected. They often do not have a malicious payload that traditional security can detect, and they often come from high-reputation sender domains or already compromised accounts.
Effective protection against spear-phishing attacks requires new approaches. You need to deploy new technology purpose-built to protect against spear phishing, along with advanced user-training programs to continuously improve security awareness across your organization.
Technology: Anti-phishing solutions use alternative methods to spot and block spear-phishing attempts. One approach that is shown to be effective uses machine learning to analyze normal communication patter 8ns within your organization. This allows the solution to spot anomalies that may indicate an attack. You should choose a solution that, at a minimum, includes:
- Anti-spoofing functionality to help detect impersonation attempts
- Account-takeover protection to block attacks from compromised accounts
- Social-engineering attack prevention to detect anomalies in email headers, senders, or body that indicate malicious intent
Security Awareness: Many organizations employ homegrown or low-tech security awareness training to make staff more able to spot and report phishy emails. However, today’s advanced computer-based training programs are dramatically more effective. The best, most effective programs include:
- Phishing Simulation to evaluate and identify users that are more vulnerable to socially engineered attacks
- Security Training to proactively detect and report phishing attacks, lowering the risk of future attacks
- Multi-vector simulation training that includes email, SMS, voicemail, and portable-media
- Reporting and Insight to detect trends and patterns and assess the effectiveness of security awareness training
How Barracuda Can Help:
Barracuda Sentinel is a cloud-hosted service that uses artificial intelligence for real-time spear-phishing and cyber fraud defense. It connects directly to Office 365, so it works alongside any email security solution with no impact on network performance or user experience.
Barracuda Essentials scans your email traffic to block malicious attachments and URLs, including those in phishing and spear-phishing emails. It also uses advanced analysis to spot typo-squatting, link protection, and other signs of phishing.
Barracuda Advanced Threat Protection is a cloud-hosted service available as an add-on subscription for multiple Barracuda security products and services (a 90-day subscription is included with Barracuda Essentials). It uses signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. Finally, it feeds remaining suspicious files to a CPU-emulation sandbox to definitively identify zero-day threats and block them from reaching your network. This means that it can block phishing and spear-phishing emails carrying zero-day payloads that other techniques might miss.
Do you have more questions about Spear Phishing? Contact us now.