Spear phishing is a type of social engineering attack during which a perpetrator that is disguised as a trusted individual, will trick their victim into clicking an embedded link in an email, text message or Instant Message which will then cause the victim to install malware on their network and subsequently execute the first stage of an Advanced Persistent Threat (APT) or reveal sensitive information to the perpetrator.

Whilst similar to a phishing attack, spear phishing is launched in a different way to its sibling and its targets differ from other types of Social Engineering attacks – this should always be considered when considering your organisations application security strategy.

The following example demonstrates a typical spear phishing attack:

• A spoofed email (an email originating from a forged sender address) is sent to a companies I.T Department from an attacker claiming to represent company X (a database management Software-as-a-Service provider) The email uses company X’s customer emailing template
• The email claims that company X is offering a free service for a limited time and invites the victim to sign up for the service using the enclosed link
• After clicking on the link, the victim is redirected to a login page on company X’s website (which is a fake website identical to the genuine company X’s registration page)
• At the same time, software is installed onto the victims machine which can then be used as an access point into the companies network to initiate the first stage of an Advanced Persistent Threat.

A Phishing attack differs somewhat as it involves sending malicious emails from a perceived trusted source, and to as many individuals as possible (and assuming a low response rate)

A phishing email may purport to be from Worldpay and ask a recipient to verify their account details by clicking on an enclosed link, which would then lead to the installation of malware on the victim’s computer.

Phishing emails are generally impersonal, are often sent in bulk, and normally contain spelling errors or other mistakes that can reveal their malicious intent. The issue here is that not everyone notices these subtle hints. Trusted logos and links to known companies are often enough to trick many individuals into sharing their personal and business details.

Spear phishing mails are normally far more challenging to detect because they appear to come from sources that are normally closely affiliated to the victim. Cyber criminals send personalised emails to individuals or groups of people that have something in common, such as employees working in the same business area or department.

The targeted nature of spear phishing attacks makes them difficult to detect. However, several risk prevention measures can help, including two-factor authentication (2FA), password management policies and educational campaigns.

Two factor authentication can help to secure logins to sensitive applications by requiring users to have two things – something they know, such as a password and user name, and something they have, such as a smartphone or cryptographic token. When 2FA is used, even if a password is compromised using a technique like spear phishing, it’s of no use to an attacker without the physical device held by the real user.

Mollis Group have a number of solutions that we can implement which will help protect your business from Spear phishing and Phishing attacks. Drop us a line at [email protected] to find out more.

#evolvewithus