Spear Phishing is like how it sounds. However, there is one big difference; those doing the Phishing are not targeting a wide range of fish in the sea; they target a specific organisation or individual. It is defined as the fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information.
Spear Phishing is on the rise and accounts for more than half the cybersecurity attacks in 2020. During these unprecedented times, with COVID-19 and the associated changes in lifestyle that come with it, people and companies are distracted and disorientated. Our defences are down yet we are even more reliant on the digital world – the perfect scenario of cybercriminals to take advantage.
Cyber Criminals see smaller companies and SMB’s as vulnerable targets with around 30% of smaller companies in Australia having inadequate cybersecurity measures in place. Angus Taylor MP, Australian Minister for Law Enforcement and Cyber Security said “Businesses often find it hard to recover after a cybersecurity incident. When small businesses experience a significant cyber breach, 60 per cent will go out of business within six months."
What are the types of Spear Phishing you need to be aware of?
Business Email Compromise (BEC): Criminals impersonate an employee, usually an executive or manager to instruct employees – often those who have access to finances or personal information - to wire money or to send sensitive data such as financial information about customers, employees, or partners.
These attacks utilise social engineering and compromised accounts. They typically do not include malicious attachments or links.
Impersonation: This is the most common attack to watch out for and involves the impersonation of a trusted entity such as a well-known company or a commonly used business app such as Office 365, Gmail, or DocuSign. The attacker emulates a trusted colleague or business partner to get the recipient to give up account credentials or click on malicious links. Often it is an email claiming your account has been frozen and asking you to click on a link to reset your password. Those that fall for this are taken to a fake portal and end up giving crims access to their private accounts to have a field day with - access confidential data; conduct financial fraud using your account; or launch a more targeted attack.
How can Powernet help?
Effective protection against spear-phishing attacks requires new approaches. You need to deploy new technology purpose-built to protect against spear phishing, along with advanced user-training programs to continuously improve security awareness across your organisation.
Powernet provides sophisticated cyber security solutions, we understand that every business has different technical, regulatory and industry specific vulnerabilities. Our solutions work in combination to enable real time spear phishing and cyber defense, blocking of malicious attachments and links, training of your staff to understand the different types of threats and analysis of your traffic to stop attacks before they happen.
Do you use Office 365? Check out this free tool that can spot phishing emails in your inbox.