Phishing is the most common cyber attack targeting businesses, affecting 83% of companies that identified an attack in the last 12 months.
While companies have an arsenal of tools available to fight standard phishing scams, spear phishing emails are far more likely to make their way through companies' defences and end up in your users' mailboxes.
Spear phishing scams can affect every business - so it's important to understand the risk and how you can keep your company safe.
- What is spear phishing?
- What does a spear phishing email look like?
- How can you protect your company from spear phishing?
What is spear phishing?
Spear phishing is the targeting of a specific person, group or company with a scam email. Unlike standard phishing emails, spear phishing emails are carefully crafted with the specific target in mind, and are thus far more difficult to spot.
Spear phishing messages usually impersonate people or businesses known to the target, such as business partners, senior managers or even online services the cyber criminal knows the target to use.
The goal of spear phishing emails is to dupe their target into handing over sensitive information, transferring money or downloading a malware-infected attachment. Any information given over to a spear phisher can be used to create further spear phishing campaigns and penetrate deeper into the business network.
How are spear phishing emails crafted?
As spear phishing scams require the sender to have information on the business network of the target, they are normally preceded by the cyber criminal researching whoever they're planning to send the email to. This may involve scouring social media networks, reading press releases, purchasing exposed details on the dark web, and even just sending out some innocent-looking emails to the company to phish out information!
What does a spear phishing email look like?
As spear phishing emails are customised for the target and the individual or company being impersonated, there are endless examples of spear phishing scams. The majority of spear phishing emails, however, make use of a few common tactics.
Spear phishing emails often pose as a colleague or a business partner of the target individual, as is the case in the example spear phishing email below.
In this scam, the sender of the email is ostensibly from the finance department of a vendor that the target works with. The scam email claims that a payment has been missed, and urges the recipient to make the payment now. As the cyber criminal has done their research, they will know which service to impersonate and who to target with this scam.
If the recipient were to click the link in the email and enter their payment details, the cyber criminal would be free to steal money from the company accounts.
How can you protect your company from spear phishing?
Spear phishing emails can target any employee or company, regardless of industry or job role. It's important for every business to take precautions to reduce the chances of employees falling for a scam email.
A comprehensive mitigation strategy for spear phishing emails involves approaching the problem from many angles to reduce the risk factor.
- Anti-phishing software - There are now many intelligent solutions to reduce the chances of a phishing email making its way to a user's mailbox, from spam filters provided by mail vendors to AI-powered scanning solutions. Unlike generic phishing emails, however, spear phishing emails are carefully crafted and are far more likely to slip through the net.
- Phishing training - All employees who have access to a company email inbox should be trained on the common signs of spear phishing emails, as well as what to do if they encounter an email they think is suspicious.
- Simulated phishing - Phishing simulations help you assess the risk posed by spear phishing emails to your business, but are also an important training tool. End users that encounter and fall for simulated phishing emails in their own mailboxes are far more likely to be alert when a real phishing email arrives.
Stop your employees from falling for spear phishing emails
Without the right training, employees are highly susceptible to clicking on spear phishing emails and compromising their details.
By instituting regular security awareness training and simulated phishing for your staff, you can save the time and money otherwise lost to expensive breaches and protect your business' reputation.