You already know about Phishing: putting out some bait and waiting for someone to divulge their personal information. Phishing comes in many flavors, such as Tabnabbing, Whaling, Tabjacking, Vishing, and Smishing. This article covers one more of them: Spear Phishing.
You may have already come across Spear Phishing. Cybercriminals use this technique to send you a message that appears to come from an entity you know. The message asks you for your personal and financial information. Since it appears to originate from a known entity, you reply without a second thought.
What is Spear Phishing
Spear Phishing is a method where cybercriminals use a targeted technique to dupe you into believing you received a legitimate email from a known entity asking you for your information. The entity can be a person or any organization that you deal with.
It is easy to make such an email look genuine. Attackers only have to purchase a domain and create a subdomain that looks like the organization you know. It can also look like the email ID of a person you know. For example, something.com can have a subdomain named paypal.something.com. This allows them to create an email ID that goes to [email protected]. This looks almost identical to email IDs related to PayPal.
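A defender can check for the subdomain trick described above by comparing the domain a sender actually registered with the brand name that appears in the address or display name. The following is an added example, not code from the original article; the brand list, the short suffix list (a stand-in for the Public Suffix List) and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brands to watch and the domains they legitimately send from.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com", "amazon.co.uk"},
}
# Assumption: tiny stand-in for the Public Suffix List, enough for the samples.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}

def registrable_domain(host):
    """Return the domain someone actually had to register, e.g. something.com."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def check_sender(from_header):
    """Return a list of findings for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    host = addr.rsplit("@", 1)[1].lower()
    reg = registrable_domain(host)
    # Labels to the left of the registrable domain (the attacker-chosen subdomain).
    sub_labels = host[: -len(reg)].rstrip(".").split(".") if host != reg else []
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if reg in legit:
            continue  # mail really comes from the brand's own domain
        if any(brand in label for label in sub_labels):
            findings.append(f"'{brand}' used as a subdomain of {reg}")
        elif brand in reg:
            findings.append(f"'{brand}' embedded in unrelated domain {reg}")
        if brand in display.lower():
            findings.append(f"display name mentions '{brand}' but domain is {reg}")
    return findings

# Constructed sample headers (not real messages).
SAMPLES = [
    "PayPal Support <service@paypal.something.com>",
    "PayPal <service@paypal.com>",
    "Amazon Billing <verify@amazon-accounts.example.net>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

A production filter would load the full Public Suffix List and combine this check with the mail server's authentication results rather than relying on the From: header alone.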
In most cases, cybercriminals keep an eye on your activities on the Internet, especially on social media. When they get information about you from any website, they grab the opportunity to extract more from you.
For example, you post an update on a social networking site saying you bought a phone from Amazon. Then you receive an email from Amazon saying your card is blocked and you must verify your account before making any more purchases. Since the email ID looks like Amazon's, you readily give away the information they ask for.
In other words, Spear Phishing is targeted Phishing. The email IDs and messages are personalized for you, based on information available on the Internet about you.
Spear Phishing Examples
While Phishing is a daily thing, and many are familiar enough to stay protected, some still fall prey to it.
One of the best and most famous spear phishing examples is how the RSA unit of EMC was targeted. RSA was responsible for the cybersecurity of EMC. The cybercriminals sent two emails, each with an Excel file containing an active macro. The title of the email was said to be Recruitment Plan. While both emails were filtered into the Junk folders of employees, one of the employees got curious and retrieved it. When the file was opened, the macro opened a backdoor for the people who sent the email. They were then able to procure the credentials of employees. If RSA, a security firm, could get tricked, imagine the life of unsuspecting regular Internet users.
In yet another example concerning a cybersecurity firm, there were emails from third parties that tricked managers into believing that it was their employees asking for details. Once the cybercriminals got the information by posing as employees over email, they could get money transferred from the company to the criminals’ offshore accounts. It is said that Ubiquiti lost over $47 million due to the spear-phishing scam.
Whaling & Spear Phishing scams are emerging cyber-security issues. There is a thin line of difference between the two. Spear Phishing targets a group of people – like an email that targets employees of a company, customers of a company, or even a specific person. Whaling Scams typically target high-level executives.
Spear Phishing protection
Remember that no e-commerce company will ask you for your personal information via email or phone. If you receive any message asking you for details you don’t feel comfortable sharing, consider it a spear-phishing attempt and cut it off directly. Ignore such emails and messages, and hang up on such calls. You can confirm with the organization or person before responding in the future.
Another Spear Phishing protection method is to share only as much as is needed on social networking sites. You can say it is a photo of your new phone and post it, instead of adding that you bought it from XYZ organization on a specific date.
Learn to identify Phishing attacks so that you know more about protecting yourself from Phishing. It would be best to have good security software that filters your email well. You can add email certificates and encryption to the email clients you use to protect yourself better. Many spear-phishing attempts may get caught by certificate-reading programs built into or installed on the email client.
Stay safe, and stay sharp when online!
What indicates Spear Phishing?
Spear phishing is a cyber assault that is more focused than ordinary phishing. Emails are customized for the specific target. For instance, the perpetrator might refer to a particular purpose, masquerade as an individual familiar to the recipient, or employ other tactics that manipulate human psychology to establish trust with the target.
Is Spear Phishing a type of malware?
No, spear phishing isn’t a category of malware. Instead, it is a focused cyber assault approach in which malevolent actors customize emails or messages to deceive particular people into exposing confidential data or carrying out specific tasks. Conversely, malware denotes malicious software that aims to infiltrate computers or networks, inflicting damage, stealing data, or attaining unauthorized entry.