In terms of email security, the business impact of spear phishing attacks can be devastating. Read on to learn more about this targeted form of attack…
Spear phishing is a targeted form of phishing aimed at specific businesses and individuals around the world. While conventional phishing attacks are usually conducted by sending malicious emails to as many people as possible and luring them into revealing passwords, sensitive financial information and so on, spear phishing is a more specialized attack directed at a small number of carefully chosen victims.
The business impact of spear phishing attacks can be devastating. Back in 2014, Sony Pictures suffered serious reputational damage when private emails exchanged between executives, containing embarrassing comments about celebrities, were leaked. The studio also lost control of its unreleased films, which ended up in the hands of digital pirates. Finally, Sony Pictures paid around $8 million to settle lawsuits brought by employees who had to protect themselves from identity theft after their personal data was stolen.
The modus operandi of conventional phishing is to cast a wide net of malicious emails. Phishers spread their lures widely and wait for victims to take the bait; only then do they infiltrate and cause the real damage. In contrast to the mass-email approach, spear phishing is a targeted, one-on-one attack in which the phisher invents a plausible pretext or impersonates a trusted person and establishes a conversation with the victim. Only later does the spear phisher request confidential credentials or send a malicious URL or attachment. Though the end goals of phishing and spear phishing are the same, the tactics employed by the two differ.
Spear phishers do a lot of research about their intended victims before crafting the first message. They study the victim's social media profiles (LinkedIn, Facebook, etc.) and build a picture of the victim's work and personal life. The chosen victims are those with access to sensitive information within their organization, such as intellectual property or banking credentials. The phisher then sends the victim an email that appears to come from a colleague or business associate. The first few messages contain no links or attachments, so anti-spam and anti-virus filters have little to detect. After a few exchanges, the phisher either sends a link that infects the victim's machine with spyware, or persuades the victim to share intellectual property or transfer money to an attacker-controlled account, citing some extraordinary situation.
Conventional anti-spam filters derive signatures, recurring patterns and known phishing URLs from previously identified threats. This approach was successful in fighting mass spam, which once threatened to make email unusable. However, email security based on signatures and recurring patterns is largely ineffective at identifying one-off, targeted spear phishing attacks: each campaign is new, and since the first few emails sent by spear phishers contain no attachments or links, they pass through spam filters undetected.
The spear phisher's first aim is to build trust with the victim. To do so, phishers usually send from a legitimate, reputable email address (for example, a freshly created free webmail account) and spoof only the display name so that it shows a colleague's or executive's name. Victims are often deceived and reply, revealing sensitive information; few of them check the actual sender address, which would expose the hoax. Because such emails spoof the display name and not the address itself, they are not stopped by "Domain-based Message Authentication, Reporting & Conformance" (DMARC). DMARC verifies only the domain of the real From address against that domain owner's SPF and DKIM records and policy; a message genuinely sent from an attacker-controlled webmail account passes those checks for the webmail domain, regardless of what the display name says.
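The following Python script is an added example, not code from the original article, illustrating the point above: it extracts the domain DMARC would actually evaluate from the From header, and separately flags display-name impersonation. It assumes a hypothetical organization domain (example.com) and a hypothetical staff directory (KNOWN_STAFF); the three messages are constructed samples. It also covers a second common variant not spelled out above, where the display name itself is written to look like the victim's colleague's email address.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organization and staff directory (assumed for this example).
ORG_DOMAIN = "example.com"
KNOWN_STAFF = {
    "jane doe": "jane.doe@example.com",   # normalized display name -> genuine mailbox
}

# Constructed sample messages, not real mail.
# 1) Colleague's name in the display name, free webmail account as the real sender.
SPOOFED_NAME = """\
From: "Jane Doe (CFO)" <jane.doe.cfo@gmail.com>
To: accounts.payable@example.com
Subject: Quick favour

Are you at your desk? I need a wire sent today; details to follow.
"""

# 2) Display name written to look like the genuine address; real sender elsewhere.
SPOOFED_EMBEDDED_ADDRESS = """\
From: "jane.doe@example.com" <jd.office.mail@outlook.com>
To: accounts.payable@example.com
Subject: Re: Quick favour

Thanks. Please keep this between us for now.
"""

# 3) Genuine internal mail for comparison.
GENUINE = """\
From: Jane Doe <jane.doe@example.com>
To: accounts.payable@example.com
Subject: Q3 numbers

Attached is the summary we discussed.
"""


def normalize_name(display_name):
    """Lower-case the display name, drop bracketed titles, collapse whitespace."""
    return " ".join(display_name.split("(")[0].lower().split())


def domain_of(address):
    return address.rpartition("@")[2].lower()


def dmarc_evaluated_domain(raw_message):
    """Return the only domain DMARC aligns against: that of the RFC 5322 From address.

    For SPOOFED_NAME this is gmail.com, and mail really sent through Gmail passes
    Gmail's SPF/DKIM, so DMARC reports a pass. The display name plays no part.
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return domain_of(addr)


def check_display_name_spoof(raw_message):
    """Return a list of human-readable findings about display-name impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr_domain = domain_of(addr)
    findings = []

    # Case 1: the display name is a known colleague, but the address is outside the org.
    genuine = KNOWN_STAFF.get(normalize_name(display))
    if genuine and addr_domain != ORG_DOMAIN:
        findings.append(
            f"display name {display!r} belongs to {genuine} but the message is from {addr}"
        )

    # Case 2: the display name is itself an email address that differs from the sender.
    if "@" in display and display.strip().lower() != addr.lower():
        findings.append(
            f"display name {display!r} shows an address that is not the sender {addr}"
        )

    return findings


if __name__ == "__main__":
    for label, sample in [("spoofed name", SPOOFED_NAME),
                          ("embedded address", SPOOFED_EMBEDDED_ADDRESS),
                          ("genuine", GENUINE)]:
        print(label, "| DMARC domain:", dmarc_evaluated_domain(sample),
              "| findings:", check_display_name_spoof(sample))
```

A mail gateway rule of this shape catches the two display-name tricks that DMARC, by design, cannot; in a real deployment the staff directory would come from the identity provider rather than a hard-coded dictionary.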
Basic Security Tips
Considering the risks of opening and reacting to spear phishing emails, it is crucial to educate users to be vigilant. Here are some basic tips that can help protect users from spear phishing…
* Be judicious while posting your personal information on social media. Online fraudsters use social engineering techniques as the first step to gather information about their victims.
* If you are not sure about the authenticity of a suspicious email, check with the purported sender, and do so through a separate channel such as a known phone number or a new message to their usual address, not by replying to the suspicious email. Impersonation by manipulating the sender's display name is a common ploy used by online fraudsters, so do not hesitate to verify. This is especially important when the email appears to come from someone familiar and makes a request that seems out of the ordinary, such as an urgent payment or a request for confidential data.
* Check and verify before you click on anything in the email. Attackers hide malicious URLs behind link text that looks genuine. Hover over the hyperlink to see the real destination URL first, and if the destination is unfamiliar or differs from the text shown, do not click it.
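The last tip can be automated. The following Python script is an added example, not code from the original article: it does for an HTML email body what "hover over the link" does for a user, pulling every anchor out of the body and flagging links whose visible text names one site while the href points to another. The HTML message is a constructed sample; the registrable-domain helper is deliberately naive (last two labels, or the literal IP) and a real deployment would use the Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML body (not from a real message). Three links:
#  1) text shows the genuine portal, href goes to a look-alike domain
#  2) text shows the genuine host, href uses the user@host trick to reach an IP
#  3) benign link whose text and href agree
SAMPLE_HTML = """
<p>Your password expires today. Please sign in at
<a href="https://secure-portal.example-login.net/reset">https://portal.example.com/reset</a>
or via
<a href="https://portal.example.com@198.51.100.7/login">portal.example.com</a>.</p>
<p>Help: <a href="https://www.example.com/help">www.example.com/help</a>
&middot; <a href="https://www.example.com/unsubscribe">Click here</a> to unsubscribe.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Visible text that a reader would interpret as a URL or hostname.
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#].*)?$", re.I)


def host_of(url):
    """Hostname the browser would actually connect to (handles the user@host trick)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def registrable(host):
    """Naive registrable domain: the IP itself, or the last two labels."""
    if host.replace(".", "").isdigit():
        return host
    return ".".join(host.split(".")[-2:])


def find_deceptive_links(html):
    """Return links whose visible text names a different site than the href."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        match = HOST_RE.match(text)
        if not match:
            continue  # "Click here" and the like: nothing for the text to contradict
        shown = registrable(match.group(1).lower())
        actual = registrable(host_of(href))
        if shown != actual:
            findings.append({"text": text, "href": href,
                             "shown_domain": shown, "actual_domain": actual})
    return findings


if __name__ == "__main__":
    for finding in find_deceptive_links(SAMPLE_HTML):
        print(f"text shows {finding['shown_domain']} but link goes to "
              f"{finding['actual_domain']}: {finding['href']}")
```

Note that the second sample link passes a plain string comparison of "does the href contain the expected host": the genuine hostname is present, but only as the userinfo part, and the browser connects to the IP after the @. Parsing the href with urlparse and comparing hostnames, as above, is what catches it.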