Contact us today!
561-795-2000 
844-795-2001

FRS Pros Blog

Poking at Spear Phishing

Poking at Spear Phishing

Hopefully, you’ve heard of phishing at this point: the method cybercriminals use to scam their targets by impersonating someone that their targets would trust, requesting access credentials or other sensitive information. Did you know that there are specific kinds of phishing? Here, we’ll review one of the biggest risks to your business... spear phishing.

What’s the Difference Between Phishing and Spear Phishing?

In a word, personalization. Your typical phishing campaign, in keeping with the analogy, casts a wide net to try and catch as many victims as possible. By writing a very vague and generic email that appears to be from some large company or organization, the typical phishing attack can be leveraged against almost anyone with a reasonable chance of success - although this also makes them easier to spot if one knows what to look for.

Spear phishing, on the other hand, goes for quality over quantity. Instead of casting out a wide net to snare a large group, spear phishing requires a focused approach, as it targets a single, influential individual.

In order to do this effectively, a cybercriminal can’t just rely on a generic message. Instead, the hacker will do some digging, finding out everything they can about their target - where they work, who they work with, and what it is that they do. Once they’ve collected the information they need, the hacker will spoof an email - often referencing some project or mutual contact to prove their “legitimacy” - with a link to a downloadable file.

This link will take the recipient to what appears to be a login page for Google Drive or Dropbox, but is actually another part of the hacker’s trickery. Once the user enters their credentials, the scammer has them to use for themselves, completely undermining the user’s security and potentially causing a business crisis.

How Do Spear Phishers Fool People?

There are a variety of ways that hackers can make their messages more convincing, especially when they’re leveraging a spear phishing strategy. These methods combine some practical skills with a bit of psychology, supported by the research that these types of hackers do.

As a result, instead of the phishing message being vague and generic, it might reference actual events, people, and things relevant to the target. They will often be spoofed to appear to come from an authority figure, like a manager or the CEO, to encourage the recipient to do as the email says without really thinking about it or questioning it too much. Unlike many other phishing messages, spear phishing messages are typically well written, without spelling or grammar errors.

These cybercriminals can be especially devious and will even buy close-match domains to make their attacks that much more convincing.

Let’s say that you owned the domain example-dot-com. Someone trying to phish someone else by posing as you could purchase their own domain, example-dot-com. Looks the same, but by using a capital “i” instead of a lowercase “l”, the phisher can create a lookalike site that truly appears to be legitimate.

Who Do Spear Phishers Target?

This is one of the main reasons that spear phishing requires so much research - not only does the hacker have to identify who they are going to target; they have to also identify the best way to scam them. As a general rule, however, spear-phishing attackers will target those people in an organization who have access to the information that the phisher wants, but not enough clout to question a request from (what appears to be) up the chain of command. In other words, a business’ end users.

So, what can you do to prevent spear phishing from impacting your business? There are a few things:

  • Check to make sure everything about an email is as it should be. Is the sender actually Barb@company.com, or is it I3arb@comapny.com? Are there any files included with the email? They could be a means of installing some kind of malware, so avoid clicking on them.
  • Take any urgency in the message with a grain of salt. Many hackers will make their messages sound more urgent in the attempt to scare their targets into action. You should also keep an eye out for any changes in standard operating procedures as well… like if your company typically utilizes Google Drive to share files, but you’re being asked to download a file from Dropbox instead.
  • Make every effort to confirm any messages you find suspect through another means. The few moments it takes to pick up the phone and ask the person who seems to have sent an email will be well worth it if it helps you avoid a data breach.

Threats like spear phishing are just the start of a business’ security concerns. For more assistance with your business’ IT and its security, subscribe to our blog, and give FRS Pros a call at 561-795-2000.

Taking a Look at Wearable Technology in 2019
Tip of the Week: Bring Your Own Device Policy Cons...

Mobile? Grab this Article!

QR-Code

Tag Cloud

Tip of the Week Security Technology Best Practices Network Security Business Computing Productivity Privacy Internet User Tips Hackers Google Software Cloud Microsoft Business Management Hardware Computer Innovation Tech Term Efficiency Malware Data Backup Mobile Devices Data Smartphones Hosted Solutions Browser Windows 10 Data Recovery Smartphone Office 365 Cybersecurity IT Services Communication Upgrade Internet of Things Gadgets Android Email Backup Windows Business Workplace Tips Apps Data Security IT Support Outsourced IT Small Business Cybercrime Communications Disaster Recovery VoIP Business Continuity Mobile Device Management Ransomware Operating System Network Phishing Money Artificial Intelligence Saving Money Alert Cloud Computing Users Law Enforcement Vulnerability Information Server Employer-Employee Relationship OneNote IT Support Managed IT Services Managed IT Services Blockchain Passwords Virtualization Spam Miscellaneous Managed Service Social Media Microsoft Office Collaboration Facebook Health Applications Best Practice Wireless Automation Chrome Hacking BYOD Unsupported Software Windows 10 Save Money Two-factor Authentication Computers App Information Technology Bring Your Own Device Networking Data Storage Telephone Systems Router Holiday Word Tech Support Google Drive Password Managed Service Provider Managed IT Hard Drive Display Shortcut IT Management Politics Cost Management Gmail Travel Augmented Reality BDR Excel WannaCry Government File Sharing Commerce Fraud Robot Access Control Evernote Budget Printing Application Proactive IT Wireless Technology User Error SaaS The Internet of Things Data Management VPN iPhone Mobile Security Encryption Safety Cortana Touchscreen Google Assistant Productivity Data Loss WiFi Conferencing Hybrid Cloud Sports Mobile Device Risk Management Quick Tips Telephony Patch Management Wireless Charging Audit Hosted Solution Google Docs Project Management Windows 7 Data Protection Avoiding Downtime Mobility Devices Meetings Search Wi-Fi Business Technology Data Breach Update Credit Cards App store Hard Disk Drive Smartwatch Virtual Assistant E-Commerce Google Maps Spyware Marketing Touchpad Memory Human Resources Vendor Management Microsoft Word Processor Going Green Social Testing Specifications Virus Computer Forensics Peripheral Scam Development Bandwidth YouTube Chromebook Education DDoS Co-Managed Services IT Solutions Server Maintenance Alexa for Business Files Payment Cards Apple Webinar Humor Financial Disaster Payroll Samsung Tablets Maintenance Benchmarks Recovery Camera Sales Proactive Management Sync Micrsosoft Employees Storage Social Engineering Consultant Telephone FAQ Investment Personal Information Legal Employee Edge Remote Monitoring Retail Websites IT solutions Sabotage Antivirus Security Cameras NFL eWaste Projects Administrator Lithium-ion battery PowerPoint Admin Business Intelligence Reputation Vendor Streaming Media OneDrive Identities Data storage Battery Hyperlink Charger iOS WIndows Server 2008 ROI History Break/Fix Ciminal Access Data Theft Windows 10s HBO PC Machine Learning Device Security Remote Computing Identity Instant Messaging Hacker Screen Mirroring Wireless Internet Saving Time Adobe Workers Computer Care Nanotechnology Digital Signage Employee-Employer Relationship Emergency Chromecast Voice over Internet Protocol Legislation Language Settings Value Point of Sale Wasting Time Windows Server 2008 R2 Medical IT Unified Threat Management Internet Exlporer Gifts Computing Solid State Drive Paperless Office Amazon Entertainment Downtime Windows Ink Data Privacy Emails Cast Laptop Gamification Keyboard Shortcuts Identity Theft Licensing Updates Root Cause Analysis Firewall Transportation Comparison Uninterrupted Power Supply Accessory Office Outlook Computer Fan Mobile Office Private Cloud Software as a Service 5G Microsoft Excel IT budget Upgrades Managing Stress USB Worker es How To Books Hiring/Firing HaaS Video Games Experience Cache End of Support Work/Life Balance Relocation Virtual Reality Crowdsourcing Employer Employee Relationship Training Monitors Current Events Electronic Medical Records Benefits Phone System Television CrashOverride Save Time PDF Computer Accessories Company Culture Thank You Smart Technology Mobile Computing Flexibility Compliance Music Printers Text Messaging Congratulations Scalability Regulation Analytics Keyboard Office tips Black Market Cleaning Advertising Twitter Automobile Big Data