Spear phishing is a sophisticated form of cyberattack where attackers target specific individuals or organisations, often using personalised information to increase their chances of success. Unlike generic phishing attempts, which cast a wide net, spear phishing is highly focused and tailored, making it more dangerous. Attackers may impersonate trusted contacts or use familiar language to deceive victims into revealing sensitive information, such as passwords or financial data. Understanding the tactics employed in spear phishing and implementing preventive measures is crucial for safeguarding personal and organisational security.
What Is Spear Phishing? Just Like Phishing, But a Bit More Direct
We have all heard by now of the term phishing and how it works, where a generic email is sent with an encrypted URL or attachment and when it’s clicked “BOOM”… you have been caught. But, what we are seeing now is an up rise in spear phishing.
Spear phishing is technically the same but with a more direct and targeted approach. The hackers will spend time looking into an individual or a small group of people’s own lives, interests and job role and create an email which seems legitimate and interesting, interesting enough to click. And if that one person clicks which activates the malware, this can spread and cause damaging effects within the
business.
The Federal Bureau of Investigation conducted detailed research in to spear phishing and reported that most spear phishing is directed at businesses who use “wire transfers as a common method of transferring funds for business purposes”. This is also known as the BEC Scam which is defined as a “…sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorised transfers of funds.”
Here’s a Quick Look into How “Spear Phishermen” Target and Catch
Spear Phishing on Facebook
Your updates can give away quite a lot about you as a person. Your spending habits, your dog’s name, a photo of you recently on holiday in Greece or the purchase of your lovely new car. The phishers can create a believable email asking you to review your recent holiday or to buy discounted dog food which has your dog’s name on it, which would include a link filled with malware. We aren’t saying you must never update anything ever again, but be mindful and think before you post or click!
Spear Phishing on Twitter
Your twitter is full of hashtags, #sister #bestfriend #family… and usually connected with these are tags of people names, locations and even images. This makes it easy for the phishers to create a “hide behind” persona. If you received an email with your sister’s name on it, you would automatically think it’s ok and would never think it’s a phishing email but unfortunately, sometimes they are.
Spear Phishing on LinkedIn
You have your image, your business title, the business name, all connected employees and everything that you are interested in is viewable. The phishers can use this against you and to
manipulate you. Isn’t that a scary thought? Everything you do online and what you interact with is basically building blocks for your own spear phishing attack.
Put these together and you are the prime target for a spear phishing scandal, which if clicked could be further sent to your colleagues which then becomes a snowball effect. Be careful, and don’t start the
snowball.
Spear Phishing: How to Avoid and Reduce the Chances of Being a Victim
1) How to Avoid Spear Phishing? Be Mindful
With all your details online now, your information can be sourced and used very easily. Don’t give away too much, and never post any personal details like address, phone number or bank details. Still enjoy it, post them funny photos, tell your friends you had the best day at the beach with your family, even tell everybody that you had a burrito for your lunch … but be careful. If you get an email about a “free burrito” from your favorite takeaway by the sea side, it’s probably not coincidence! Be aware and stay vigilant.
2) How to Avoid Spear Phishing? Check the Links
Spear phishing emails usually have links in them, asking you to click to change a password, verify details or sign up to something new and exclusive. But before you click, the best thing to do is to check the URL by hovering over the link. If it’s a phishing scam, you can bet the URL will be something completely irrelevant to the email and sometimes followed by a line of random numbers and digits.
3) How to Avoid Spear Phishing? Use Logic
Why would your work colleague want to know your bank details? Why would your boss send you a link to click a link to view your phone bill? They most likely wouldn’t, so if in doubt at all, contact that person directly and verify if they sent the email. And if you do get a phishing email, delete it immediately! Better safe than sorry.
Discover More About Protecting Your Employees from Spear Phishing
Enhance your cyber security awareness through MetaCompliance’s training programs, particularly MetaPhish, our advanced phishing simulation platform.
