What is Spear Phishing?

Spear Phishing is a targeted cyberattack on individuals or groups within an organization to obtain their confidential information for fraudulent activities.

Spear phishing attacks are messages typically personalized based on public information the attacker has found on the recipient. This can include topics surrounding the recipient’s expertise, role in the organization, interests, public and residential tax information, and any information attackers can glean from social networks. These specific details make the email appear more legitimate and increase the chances of the recipient clicking links or downloading attachments.

How Spear Phishing Works

Hackers pose as a trusted source to convince the victims to divulge confidential data, personal information or other sensitive details and they use it for criminal activities like identity theft, data breaches which may cause financial loss and bad reputation.

A typical spear phishing attack includes an email and an attachment. The email includes information specific to the target, including the target's name and position within the company. This social engineering tactic boosts the chances that the victim will carry out all the actions necessary for infection, including opening the email and the included attachment or clicking a link.

Examples of Spear Phishing

• Providing examples of spear-phishing attacks will help you train users and identify them when your organization is the target. Don’t assume that your organization could not be a target because it’s too small. Attackers know that small businesses have fewer cybersecurity resources than large ones, so small businesses are also a target. Any size business could be the target of whaling and spear phishing.
• Threat actors often use names of well-known businesses to increase the probability of success and give targeted users a sense of trust. PayPal, Amazon, Google, and Microsoft are four large household brands used in spear phishing. These brands give users a sense of trust and have millions of customers that could be tricked into clicking links in an email.
• The email sender claims to be from a legitimate vendor stating that the account is about to expire, and the recipient must click a link and authenticate.
• Always validate invoices before paying them. Attackers use actual vendors with fake vendors to trick organizations.
• Requests to donate or send money to a specific group usually indicate that you’re a target of spear phishing.

How Email defence Can Help

Emaildefence offers an integrated email security solution that blocks spear phishing and many other email-based attacks. Instead of simple blacklists, Emaildefence solution uses heuristics and behavior patterns to detect potential threats and block them from reaching their intended recipient.

Not only does Emaildefence block phishing attacks, but our professionals offer security awareness training to reduce insider threat risks. Automated incident response reduces the timeframe to contain threats, and our adaptive security isolates email messages and potential threats after automatically analyzing risky user behavior.