Spear phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data.
Unlike phishing scams, which cast broad, scatter-shot attacks, spear phishing homes in on a specific group or organization. The intent is to steal intellectual property, financial data, trade or military secrets and other confidential data.
Victims are 4.5 times more likely to fall for spear-phishing email scams than normal phishing scams.
This Is How It Works:
An email arrives, apparently from a trustworthy source, but instead it leads the unknowing recipient to a bogus website full of malware. The malware infects that person’s computer. If that person is connected to a network or server, the CyberCriminals who sent the email now have access to that server and/or network and all the information and data it contains.
These emails often use clever tactics to get victims’ attention. For example, the FBI has warned of spear phishing scams where the emails appeared to be from the National Center for Missing and Exploited Children.
Many times, government-sponsored hackers and hacktivists are behind these attacks. CyberCriminals do the same with the intention of reselling confidential data to governments and private companies. These CyberCriminals employ individually designed approaches and social engineering techniques to effectively personalize messages and websites. As a result, even high-ranking targets within organizations can find themselves opening emails they thought were safe.
Spear phishing is one of the main entry points for Advanced Persistent Threats.
How To Stop It:
Traditional security often does not stop these attacks. They are cleverly customized and are becoming more and more difficult to detect.
To fight spear-phishing scams, employees need to be aware of the threats: the possibility of bogus emails landing in their inbox, and what to look for.
One employee mistake can have serious consequences for businesses, financial institutions, governments, and even non-profit organizations. With stolen data, CyberCriminals can reveal commercially sensitive information, manipulate stock prices, or commit various acts of espionage.
Spear-phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial of service attacks.
Technology that focuses on email security is an absolute necessity.