FRS Pros Blog

Poking at Spear Phishing

Hopefully, you’ve heard of phishing at this point: the method cybercriminals use to scam their targets by impersonating someone that their targets would trust, requesting access credentials or other sensitive information. Did you know that there are specific kinds of phishing? Here, we’ll review one of the biggest risks to your business... spear phishing.

What’s the Difference Between Phishing and Spear Phishing?

In a word, personalization. Your typical phishing campaign, in keeping with the analogy, casts a wide net to try and catch as many victims as possible. By writing a very vague and generic email that appears to be from some large company or organization, the typical phishing attack can be leveraged against almost anyone with a reasonable chance of success - although this also makes them easier to spot if one knows what to look for.

Spear phishing, on the other hand, goes for quality over quantity. Instead of casting out a wide net to snare a large group, spear phishing requires a focused approach, as it targets a single, influential individual.

In order to do this effectively, a cybercriminal can’t just rely on a generic message. Instead, the hacker will do some digging, finding out everything they can about their target - where they work, who they work with, and what it is that they do. Once they’ve collected the information they need, the hacker will spoof an email - often referencing some project or mutual contact to prove their “legitimacy” - with a link to a downloadable file.

This link will take the recipient to what appears to be a login page for Google Drive or Dropbox, but is actually another part of the hacker’s trickery. Once the user enters their credentials, the scammer has them to use for themselves, completely undermining the user’s security and potentially causing a business crisis.

How Do Spear Phishers Fool People?

There are a variety of ways that hackers can make their messages more convincing, especially when they’re leveraging a spear phishing strategy. These methods combine some practical skills with a bit of psychology, supported by the research that these types of hackers do.

As a result, instead of the phishing message being vague and generic, it might reference actual events, people, and things relevant to the target. They will often be spoofed to appear to come from an authority figure, like a manager or the CEO, to encourage the recipient to do as the email says without really thinking about it or questioning it too much. Unlike many other phishing messages, spear phishing messages are typically well written, without spelling or grammar errors.

These cybercriminals can be especially devious and will even buy close-match domains to make their attacks that much more convincing.

Let’s say that you owned the domain example-dot-com. Someone trying to phish someone else by posing as you could purchase their own domain, example-dot-com. Looks the same, but by using a capital “i” instead of a lowercase “l”, the phisher can create a lookalike site that truly appears to be legitimate.
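A mail filter or triage script can catch this kind of close-match domain by comparing sender domains after collapsing look-alike characters. The following is an added example, not code from the original post; `TRUSTED_DOMAINS`, the confusables table and the sample headers are constructed assumptions, and `example.com` is a placeholder for your own domain.

```python
from email.utils import parseaddr

# Placeholder: replace with the domains your organization really sends from.
TRUSTED_DOMAINS = {"example.com"}

# Small, constructed confusables table (an assumption, not exhaustive).
# DNS ignores case, so a capital "I" shown in a From: line is really "i".
_SINGLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(domain: str) -> str:
    """Collapse look-alike characters so visually similar names compare equal."""
    return domain.lower().rstrip(".").translate(_SINGLE).replace("rn", "m")


def classify_sender(from_header: str) -> str:
    """Return 'match', 'lookalike' or 'external' for a From: header value.

    'match' only means the text names a trusted domain; it does not prove
    the message was really sent from it.
    """
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "match"
    if domain and skeleton(domain) in {skeleton(t) for t in TRUSTED_DOMAINS}:
        return "lookalike"
    return "external"


# Constructed sample headers for illustration.
SAMPLES = [
    "Pat Manager <pat@example.com>",
    "Pat Manager <pat@exampIe.com>",   # capital "i" in place of "l"
    "billing@examp1e.com",             # digit one in place of "l"
    "Newsletter <news@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):9}  {header}")
```

Messages classified as `lookalike` are the ones worth quarantining or confirming by phone before anyone clicks a link.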

Who Do Spear Phishers Target?

This is one of the main reasons that spear phishing requires so much research: not only does the hacker have to identify who they are going to target, they also have to identify the best way to scam them. As a general rule, however, spear-phishing attackers will target those people in an organization who have access to the information that the phisher wants, but not enough clout to question a request from (what appears to be) up the chain of command. In other words, a business’ end users.

So, what can you do to prevent spear phishing from impacting your business? There are a few things:

  • Check to make sure everything about an email is as it should be. Is the sender actually, or is it Are there any files included with the email? They could be a means of installing some kind of malware, so avoid clicking on them.
  • Take any urgency in the message with a grain of salt. Many hackers will make their messages sound more urgent in an attempt to scare their targets into action. You should also keep an eye out for any changes in standard operating procedures, like if your company typically utilizes Google Drive to share files, but you’re being asked to download a file from Dropbox instead.
  • Make every effort to confirm any messages you find suspect through another means. The few moments it takes to pick up the phone and ask the person who seems to have sent an email will be well worth it if it helps you avoid a data breach.

Threats like spear phishing are just the start of a business’ security concerns. For more assistance with your business’ IT and its security, subscribe to our blog, and give FRS Pros a call at 561-795-2000.
