How does spear phishing work?
Spear phishing, like phishing in general, are scams that attempt to trick the recipient into providing confidential information, like account credentials, to the attacker. Links or attachments can also be used to get the recipient to unknowingly download malware that can give the attacker access to the user’s computer system and other sensitive information. Where spear phishing differs from the more generic phishing is its targeted nature.
Spear phishing messages are typically personalized based on public information the attacker has found on the recipient. This can include from topics surrounding the recipient’s area of expertise, role in the organization, interests, public residential and tax information, and any information attackers can glean from social networks. These specific details make the email appear more legitimate and more likely for the recipient to click any links or download attachments.
An example of a spear-phishing attack can be something simple like “Wade, based on your love of the early reds this year, I’d suggest a visit to Domaine Maleficient [spoofed or compromised website], which Bob also loved. Check out their e-store.” This spear phishing example can be highly effective if Wade’s public information indicates he is a wine enthusiast, a friend of Bob who also loves wine, and the email is coming from a Facebook connection through a spoofed email.
How can I protect against spear phishing?
Look for email protection solutions that use anomalytics to detect suspicious emails. Dynamic malware analysis that can analyze the destination websites for malicious behavior and simulate a real user system such that evasive techniques built into malware can be countered, driving the malware to reveal itself in a sandboxed environment. Sandboxing at the time of delivery of a suspicious email and when users click on a URL is likely to result in greater detection of these highly targeted threats.