Don’t let the terminology confuse you– spear phishing is not the act of hunting for fish in the ocean, it’s a specific type of phishing attack where cyber criminals use detailed personal information to attack a specific individual or organization. This typically happens through email with the goal of gaining confidential information for their own fraudulent purposes.
Spear Phishing vs. Phishing
The key differences between spear phishing and phishing are the manners in which cyber criminals go about the process, and the specificity of the attack. Spear phishing is a vastly more targeted attack that requires the attacker to dive deep into research on their intended target, to present a more believable and specific email. Standard phishing attacks use general information in their emails that can be sent out to a large quantity of people. To simplify, spear phishing values quality and, phishing attacks value quantity.
Stats on Spear Phishing
Recent reports from Proofpoint have indicated that 64% of security professionals and 88% of organizations have reported experiencing a targeted spear phishing attack. Additionally, they noted a rising trend in the use of spear phishing in place of standard phishing attacks. Attackers are beginning to realize that the more targeted their attack is, the higher their chances of successfully gaining your information for leverage or exploitation.
Preventative Measures
Organizations should invest in an email protection solution that uses analytics to detect any suspicious emails and potential attacks. Example solutions include, utilizing email providers such as Gmail who use spam filters to identify and separate spam emails from your inbox. Additionally, using data encryption on emails to protect sensitive information inside emails, and Domain-based Message Authentication Reporting and Performance (DMARC) solutions are alternative ways to protect your organization. DMARC, being the most effective of these solutions, is a free solution allowing email domain owners to protect their domain from unauthorized use.
In addition to email protection solutions, pairing staff security awareness training with your technology-based solutions, plays a critical role in having a comprehensive strategy towards your cybersecurity. Staff training to prevent spear phishing attacks should focus on teaching employees to take a cautious approach to clicking on links, and opening emails that feel “off ”. Let staff know that if an email feels out of the ordinary, to verify that the email address is correct and isn’t a variation of the real one, for example with an added “1”, before opening it. Staff training should additionally teach the importance of keeping personal information close, and the importance of running software updates on company devices to ensure security solutions can run properly.
The sad truth is no one thinks they will be the victim of such an attack,… until they are. Cyber criminals are becoming smarter each year and are finding new ways to exploit human nature that is prone to error. As these new methods of hacking emerge, it is important for you and your organization to be fully aware of these threats and implement the solutions and best practices that will help mitigate your risk of attack.