As many as 95% of all attacks on enterprise networks are the result of successful spear phishing. Attacks have increased in 2020 due to the spread of COVID-19, with cybercriminals taking advantage of stay-at-home workers that are not under the usual protection from in-office IT security systems.
Whenever users take to online platforms and create social media posts or take part in online quizzes, more of their information is uploaded online. Hackers are fully aware of this and accumulate this data to appear trustworthy.
Using this specific information, hackers are able to send targeted phishing emails to users. These emails normally contain attachments with links containing viruses or embedded malware.
Although many spam emails might be easily identifiable, spear phishing is much harder to detect. They look like legitimate emails from a trusted person, such as a friend, co-worker, or boss.
Learn how to spot a spear phishing attack and protect yourself.
4 Ways to Identify a Spear Phishing Attack
1. Check the Email Sender
Impersonation is seen to be the most frequent form of a spear phishing attack. So, one of the most used tactics in spear phishing is to create a website with a domain name that replicates a well-known organization. Letters can be misused to fool unsuspecting users, and websites are all but utterly identical to the true site.
2. Inspect the Subject Line
One of the biggest giveaways of a spear phishing attempt can be found within the subject line itself. According to a Barracuda report, these subject lines will almost always attempt to bait you in terms of either urgency, sense of familiarity, or urgency. The report shows that the five most popular used subjects include terms such as:
- Request (36%)
- Follow up (14%)
- Urgent or Important (12%)
- Are you available (10%)
- Payment status (5%)
All of these terms impress some sense of familiarity. Some even go as far as using “Re:” or “Fwd:” to make it appear as though it is part of a conversation previously had.
3. Links and Attachments
Many attachments included in spear phishing emails include embedded malware, or they will consist of forms where you need to enter your most sensitive information. Malware comes typically in the form of an .exe file. Other commonly used files are .zip files, PDF, Word, and Excel documents.
Check the validity of the attachment by looking at who the email came from. This can be done easily by hovering your mouse over the “from” address. One of the latest techniques that hackers use in order to avoid detection from protection and security software is to use images instead of text.
4. Message Content
A spear phishing email is usually made up of your personal information found online, such as contact addresses or phone numbers, names of pets, and pretty much anything relating to you that you wouldn’t think could be found online.
These targeted emails are very sophisticated, with attackers often opting to play the long game in that they attempt to build a relationship with their victim and gain trust.
Cyber crime is on the rise.
While regular phishing is one of the most popular tactics used by hackers to get a hold of your sensitive information, it is much simpler to detect than its more sophisticated counterpart – spear phishing.
For enhanced protection, even Microsoft are not prioritizing security updates over non-essential updates.
Spear phishing involves hackers accumulating as much personal information as possible in order to put their attack into action. By keeping an eye out for these four giveaways, you can increase your chances of staying safe while online.