
Defining Spear-phishing

In this video, you will be introduced to spear-phishing.
Hello and welcome to section 1.2 of the attacks course Spear-phishing. I’m Lisa Gilbert, and I will be sharing a lot of helpful information so you can understand this type of attack and defend against it. In our discussion of spear-phishing, I will first define spear-phishing and why it is important to understand and prevent. Then I will explain why everyone is at risk and explore the red flags and warning signs that an attack is taking place. Next, we will discuss some clues that a spear-phishing attack may be taking place. We will also explore some of the tactics used by attackers. And I will share several real-life examples. Lastly, I will describe how you can protect yourself and your organization from spear-phishing attacks.
Before we can discuss spear-phishing, we need to understand what it is. Spear-phishing is the act of sending emails to specific and well-researched targets while purporting to be a trusted sender. The aim of a spear-phisher is to either infect devices with malware or to convince victims to give the attacker valuable information or money, much like phishing. Attackers often use social engineering tactics, which we will discuss later in this course, to research their victims. I already told you a lot about phishing in the previous lesson. But there is an even more effective form of phishing called spear-phishing. So what makes spear-phishing different?
Phishing is often described as spray and pray, meaning a single phishing email will be sent to many, many recipients in the hope of catching a small percentage of the targeted victims. Spear-phishing, on the other hand, is much more targeted toward an individual or a small specific group of people. The attackers segment their victims, choosing something personal or specific to them. They personalise the email when they craft it. So instead of it being addressed to “friend” or “you”, it actually addresses you by name. And they impersonate specific senders with whom you have interacted in the past, for example, Amazon or PayPal. Spear-phishing is commonly used by advanced persistent threat actors who are targeting very particular information from certain victims.
Spear-phishing is surprisingly effective. In 2015, 84% of organizations said they had experienced a breach due to spear-phishing. Spear-phishing is also surprisingly devastating. The average impact of a successful spear-phishing attack is $1.6 million. So who is at risk of a spear-phishing attack? Spear-phishing attacks are far more successful than the untargeted efforts of generic phishing emails. According to a report from the security researchers at FireEye, spear-phishing emails had an open rate of 70%. Further, 50% of recipients who opened spear-phishing emails also clicked the enclosed links, which is 10 times the rate for mass mailings. Consequently, the average person is even more at risk of a spear-phishing attack than a more general phishing attack. What are some of the indications of a spear-phishing attack?
In a targeted attack, the criminal is more likely to impersonate someone you know. They may obtain this information through various social engineering techniques you will learn about later in this course, or through data breaches. They will often register a lookalike web domain that is a single letter different from a trusted domain. We’ll see that in the next lesson. The message may come from someone you think you recognize, such as a work colleague, but at an unusual time when you would not expect to hear from them. Subject lines are used to summarize emails and convince you to open them. Spear-phishing emails frequently use threatening language, a sense of urgency, some type of offer, or just intriguing language.
If the subject line seems like it’s desperately reeling you in, be cautious. Typical phishing emails are notoriously worded in odd ways. This could be an obvious red flag, particularly if the email is trying to impersonate someone you already know. If it simply doesn’t sound like the style in which they would write, be suspicious. As with standard phishing emails, spear-phishing emails may contain spelling and grammatical errors. Spear-phishing emails are often demanding, using terms like “send me”, “click here”, or “open this”. Be suspicious of emails insisting you take an action. Phishing and spear-phishing emails often have a sense of urgency around the action the criminal wants you to take. Their goal is for you to act quickly.
So there may be a time constraint to create a false sense of pressure. Spear-phishing emails also frequently use threatening language, like “reset your password in the next 24 hours or your account will be locked”, or “pay your parking fine today or risk it being increased”. Many phishing and spear-phishing emails are intended to trick you into clicking on malicious links or opening harmful attachments, either of which may download malware to your computer. Never click a link or open an attachment in an email unless you are specifically expecting to receive it.
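The warning signs described in this lesson (a sender domain one character away from a trusted one, demanding or urgent phrasing, a link to click) can be turned into a simple triage check. This is an added example, not part of the course material: the trusted-domain list, the phrase list and the sample message are constructed for illustration, and a real mail gateway would combine such heuristics with authentication checks such as SPF and DKIM.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the organisation legitimately corresponds with (constructed list).
TRUSTED_DOMAINS = {"paypal.com", "amazon.com", "example.com"}
# Demand, urgency and threat phrases named in the lesson.
FLAG_PHRASES = ["send me", "click here", "open this", "in the next 24 hours",
                "within 24 hours", "today or", "will be locked", "immediately"]

def edit_distance(a, b):
    """Levenshtein distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_domain(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates by one character, else None."""
    domain = domain.lower()
    if domain in trusted:
        return None
    for t in trusted:
        if edit_distance(domain, t) == 1:
            return t
    return None

def red_flags(raw_email, trusted=TRUSTED_DOMAINS):
    """List the lesson's warning signs found in one RFC 822 message."""
    msg = message_from_string(raw_email)
    flags = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    target = lookalike_domain(domain, trusted)
    if target:
        flags.append(f"lookalike sender domain {domain} (mimics {target})")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    for phrase in FLAG_PHRASES:
        if phrase in text:
            flags.append(f"pressure phrase: '{phrase}'")
    if re.search(r"https?://\S+", text):
        flags.append("contains link")
    return flags

# Constructed sample message; the sender domain is one character off paypal.com.
SAMPLE = """\
From: "IT Helpdesk" <support@paypa1.com>
To: alice@example.com
Subject: Reset your password in the next 24 hours

Alice, click here to reset: http://paypa1.com/reset or your account will be locked.
"""
```

Running `red_flags(SAMPLE)` on the constructed message reports the lookalike domain, three pressure phrases and the link, which is the kind of signal a user or a mail filter should treat as a reason to verify the sender out of band before acting.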

In this video, you will be introduced to spear-phishing and its objectives, identify who is at risk and explore the red flags and warning signs one should look out for to defend against Spear-phishing.

This article is from the free online

Cyber Security Foundations: Common Malware Attacks and Defense Strategies

Created by
FutureLearn - Learning For Life
