What is Spear Phishing?

Did you know about Phishing: Is the process of placing decoys and waiting for someone to reveal your personal information? Phishing has many forms such as Tabnabbing, Whaling, Tabjacking, Vishing and Smishing. In particular, among them must be Spear Phishing.

You may have encountered Spear Phishing. When using this technique, cyber criminals will send you a message from an object you know. The notice requires you to provide your personal and financial information. Since it originates from an object that you already know, you will give information without hesitation.

What is Spear Phishing?

Spear Phishing is a method where cyber criminals use targeting techniques to trick you into believing that you have received a legitimate email from a known audience, asking you to provide your information. Email can be from a person or any organization you know.

It's easy to make emails of this type look reliable. People only have to buy a related domain name and use a subdomain like that of an organization you know. It may also be like the email ID of someone you know. For example, something.com might have a subdomain named paypal.something.com. This allows an attacker to create an email ID of support@paypal.something.com. This seems quite similar to PayPal-related email IDs.

1. How to identify phishing emails

In most cases, cyber criminals will monitor your activities on the Internet, especially on social networks. When they receive any information from you on any website, they will have the opportunity to extract information from you.

For example, you post an update indicating that you purchased your phone from Amazon on any social networking site. Then you receive an email from Amazon saying your card is blocked and you need to verify your account before making any further purchases. Because email ID looks like Amazon, you are ready to provide information that scammers ask for.

In other words, Spear Phishing is a deliberate form of phishing. Email IDs and personalized messages targeted at you - based on information available on the Internet about yourself.

Example of Spear Phishing

While phishing or phishing is a daily occurrence and many people are familiar with it, as well as providing the necessary protection measures, some people still have the ideal prey for this scam.

One of the best and popular Spear Phishing examples is how EMC's RSA unit is targeted. RSA is responsible for EMC's network security. Cyber ​​criminals sent two emails, each with an EXCEL file containing an active MACRO. The title of the email is set to Recruitment Plan . Although both emails were filtered into the employee's junk folder, one of the employees was curious and opened them. When the email was opened, MACRO opened a door for the attackers who sent the email. They can then steal employee information. RSA is a security company, so if RSA can also be fooled, imagine what the lives of regular Internet users will be.

In another example involving a network security company, having email from third parties tricked the manager into believing it was an email from their employees, asking for details. When cyber criminals have information by pretending to be company employees via email, they can receive money from the company to their account. There are reports that Ubiquity has lost more than $ 47 million because of spear phishing.

Whaling and Spear Phishing are emerging network security issues. There is a slight difference between these two scam methods. Spear Phishing targets a group of people - like an email targeting a company's employees, a company's customers, or even a specific person. Whaling Scams often target high-level executives.

Protection measures from Spear Phishing

Always remember that no e-commerce company asks you for your personal information via email or phone. If you receive any email, in any way, asking you to provide detailed information, which you don't feel comfortable sharing, consider it a form of spear phishing and direct. remove it. Ignore those emails, messages and end calls like that. You can confirm with organizations or individuals before answering about similar information in the future.

One way to protect yourself from other Phishing Spears is to share only what is needed on social networking sites. You can only reveal that it is a picture of a new phone that has just purchased and posted that information, instead of adding details like you bought it from XYZ organization, on a specific date.

You must learn to identify phishing attacks, to learn more about ways to protect yourself from general frauds. Basically, you should have a good security software to filter your emails. You can add email certificates and encryption for the email applications you use so you are better protected. Many spear phishing attacks can be detected by integrated security programs or certificates or installed for email applications.

See more:

1. How to identify Fanpage phishing like sentences on Facebook
2. What is Social Engineering? How to prevent Social Engineering?
3. What is Office 365 Attack Simulator? How to use it?