Spear phishing

By Ron Samson Jr

What is spear phishing?

Spear phishing is a targeted attack delivered via email – commonly using some piece of information like the recipients name, their bank, a company they work with etc. People are much more likely to fall for these type of attacks than general phishing which is random and not targeted.

Why does spear phishing work?

It works because they’re believable and people act without putting much thought into it – someone might be used to receiving random password change emails from time to time and so when an email appearing to be from their bank comes in to change their password, they comply without much 2nd thought.

How do I identify spear phishing?

Spelling/grammar – The creators of phishing emails are usually not native English speakers. Un-capitalized letters like “i” or oddly used wording like “await response asap” are both red flags it is a spear phish attempt.

Urgency – Typically the senders of spear phishing emails want you to act quick without thinking too much about it. If you see words like ASAP, or URGENT in the email, this is a key indicator it is a phish.

Generic addressee title – Many times, the creators of malicious email may only know one piece of information about you, such as the bank you use, but not your name. They may use something like ‘Dear Mr President’ to address you which most likely is not how you are addressed.

Disguised links – Always hover over links before clicking them, a malicious link will usually appear as an odd website you’ve never heard of but this may also be the case with legitimate tracked links which are used by marketing systems. The best defense is to check the email headers and make sure it is actually coming from someone you know.

Shortened URLs – If the link uses a URL shortener like bit.ly, then hovering over it won’t work. URL shorteners are dangerous because it could link to anywhere. If you are

A suspicious attachment – An attachment that is trying to imitate one you normally receive but with different naming or with a suspicious extension is a key indicator of a spear phishing attempt. Always check the header of the email to ensure that the address it appears to be coming from is the actual address.

How can I prevent spear phishing attempts from succeeding?

Verify if the message is legitimate by calling or emailing directly – do not use any phone numbers contained in the email, go on the company website through a search engine and call.

Security Awareness Training – knowing how to identify potential attacks is key to stopping them. By going through training and learning the common methods used, you will be much more vigilant.

Advanced Email Security – Attachment defense, URL defense, and many more features will block malicious emails.

Spear phishing example

You receive an email appearing to be from the CEO with all the same layout you are used to. They

spear-phishing

What do I do if I fall victim to a spear phishing attack?

Immediately change your password – if you entered a password through a fraudulent banking page link in the email for example, go to your bank website directly and change the password immediately.

Isolate your computer – by disconnecting from the internet, this can minimize damage – malware and ransomware can be contained in attachments and links in these emails. Egress filtering for example is a malicious technique used that hides your data being stolen by making it appear like normal HTTPS traffic.

Scan your computer with your anti-virus – Run a scan to see if anything was installed on your computer when you fell for the phish. Remember that just because anti-virus says you’re clean does not mean you are. It is best to run multiple scanners such as Spybot Search and Destroy.

Notify IT staff – let them examine the email and let them know the actions you took in the email