by peter


Spearphishing Explained


Risk Rating: HIGH
Likelihood: 3/5
Impact: 5/5


  • Inadequate user training
  • Lack of clear policy
  • Over sharing of information

Spearphishing Overview

Spearphishing is a phishing method that targets specific individuals or groups within an organisation. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions such as opening a malware file, leading to network compromise, data loss, or financial loss. While phishing tactics may rely on shotgun methods that deliver mass emails to random individuals, spearphishing focuses on specific targets and involves prior research.

A typical spearphishing attack includes an email and an attachment. The email contains information specific to the target, including the target’s name and rank within the company. This social engineering tactic boosts the chances that the victim will carry out all the actions necessary for infection, including opening the email and the attachment it carries.

What you need to know about Spearphishing

No matter where you are in the organisational structure, attackers may choose you as their next spearphishing target to snoop inside an organisation. Here are some best practices to defend against spearphishing attacks:

  • Be wary of unsolicited mail and unexpected emails, especially those that call for urgency. Always verify with the person involved through different means of communication, such as phone calls or face-to-face conversation.
  • Learn to recognise the basic tactics used in spearphishing emails and smishing texts, such as tax-related fraud, CEO fraud, business email compromise scams, and other social engineering tactics.
  • Refrain from clicking on links or downloading attachments in emails, especially from unknown sources.
  • Block threats that arrive via email using hosted email security and antispam protection.
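As an added, defender-side illustration (not code from the original article), the following Python script scores an incoming message against the indicators the practices above ask users to watch for: a known executive’s name on an external address, a sender domain that is a near-copy of the organisation’s own, a Reply-To that points elsewhere, urgency language, and a risky attachment type. The organisation domain, the executive name list and both sample messages are constructed for the example.

```python
"""
Added example (not from the original article): a minimal triage script that
scores an incoming email against common spearphishing indicators.
Domain names, executive names and sample messages are constructed.
"""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                    # assumed internal domain
VIP_NAMES = {"alice chen"}                    # assumed executives (display names, lowercase)
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".docm", ".xlsm", ".html", ".iso", ".lnk", ".scr"}
URGENCY_WORDS = ("urgent", "immediately", "asap", "wire", "overdue", "action required")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Lowercased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def score_message(raw: str) -> dict:
    """Parse one RFC 5322 message and return the indicators it triggers plus a total score."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()

    indicators = []
    # 1. An executive's display name on an address outside the organisation (CEO fraud)
    if display.strip().lower() in VIP_NAMES and from_domain != ORG_DOMAIN:
        indicators.append("vip_display_name_external_address")
    # 2. Sender domain one or two characters away from ours
    if from_domain and from_domain != ORG_DOMAIN and edit_distance(from_domain, ORG_DOMAIN) <= 2:
        indicators.append("lookalike_domain")
    # 3. Replies would go to a different domain than the apparent sender
    if reply_domain and reply_domain != from_domain:
        indicators.append("reply_to_mismatch")
    # 4. Urgency language in subject or body
    if any(word in text for word in URGENCY_WORDS):
        indicators.append("urgency_language")
    # 5. Attachments of types commonly used to deliver malware
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            indicators.append(f"risky_attachment:{name}")
    return {"from": addr, "indicators": indicators, "score": len(indicators)}


def build_sample(from_hdr, subject, body, reply_to=None, attachment_name=None) -> str:
    """Construct a sample message string (constructed test data, not a real capture)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "bob@example.com"
    m["Subject"] = subject
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"\x00placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


# Constructed samples: one impersonating an executive, one ordinary internal mail.
SPEAR = build_sample('"Alice Chen" <alice.chen@examp1e.com>',
                     "URGENT: wire transfer before 5pm",
                     "Bob, I need you to process the attached invoice immediately.",
                     reply_to="alice.chen.ceo@mail-example.net",
                     attachment_name="invoice.docm")
BENIGN = build_sample('"Dana Lee" <dana.lee@example.com>',
                      "Lunch menu for Friday",
                      "Hi all, the cafeteria menu is attached.",
                      attachment_name="menu.pdf")

if __name__ == "__main__":
    for label, raw in (("suspicious", SPEAR), ("benign", BENIGN)):
        print(label, score_message(raw))
```

Each indicator on its own is weak (legitimate newsletters set a different Reply-To, and finance staff do write “urgent”), which is why the script counts indicators rather than blocking on any single one; in a real gateway the score would feed a quarantine or banner decision, and the VIP and domain lists would come from the directory rather than being hard-coded.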

How spearphishing attacks happen

Spearphishing is typically used in highly targeted attack campaigns to gain access to an individual’s account or to impersonate a specific individual. The targeted individuals may be officials or those involved in confidential operations within the target company. Hedgehog researchers found that more than 87 percent of targeted attacks in 2021 were derived from spearphishing emails.

Spearphishing attackers perform reconnaissance before launching their attacks. One way to do this is to gather multiple out-of-office notifications from a company to determine how it formats its email addresses and to find opportunities for targeted attack campaigns. They also collect as many credential dumps as possible to help identify particularly vulnerable individuals. Other attackers use social media and other publicly available sources to gather information.

Attack Sources

Spearphishing attacks can come from literally anywhere.