Phishing is the most common cyber attack targeting businesses, affecting 83% of companies that identified an attack in the last 12 months.
While companies have an arsenal of tools available to fight standard phishing scams, spear phishing emails are far more likely to make their way through companies' defences and end up in your users' mailboxes.
Spear phishing scams can affect every business, so it's important to understand the risk and how you can keep your company safe.
Spear phishing is the targeting of a specific person, group or company with a scam email. Unlike standard phishing emails, spear phishing emails are carefully crafted with the specific target in mind, and are thus far more difficult to spot.
Spear phishing messages usually impersonate people or businesses known to the target, such as business partners, senior managers or even online services the cyber criminal knows the target to use.
The goal of spear phishing emails is to dupe their target into handing over sensitive information, transferring money or downloading a malware-infected attachment. Any information given over to a spear phisher can be used to create further spear phishing campaigns and penetrate deeper into the business network.
As spear phishing scams require the sender to have information on the business network of the target, they are normally preceded by the cyber criminal researching whoever they're planning to send the email to. This may involve scouring social media networks, reading press releases, purchasing exposed details on the dark web, and even just sending out some innocent-looking emails to the company to phish out information!
As spear phishing emails are customised for the target and the individual or company being impersonated, there are endless examples of spear phishing scams. The majority of spear phishing emails, however, make use of a few common tactics.
Spear phishing emails often pose as a colleague or a business partner of the target individual, as is the case in the example spear phishing email below.
In this scam, the sender of the email is ostensibly from the finance department of a vendor that the target works with. The scam email claims that a payment has been missed, and urges the recipient to make the payment now. As the cyber criminal has done their research, they will know which service to impersonate and who to target with this scam.
If the recipient were to click the link in the email and enter their payment details, the cyber criminal would be free to steal money from the company accounts.
Spear phishing emails can target any employee or company, regardless of industry or job role. It's important for every business to take precautions to reduce the chances of employees falling for a scam email.
A comprehensive mitigation strategy for spear phishing emails involves approaching the problem from many angles to reduce the risk factor.
Without the right training, employees are highly susceptible to clicking on spear phishing emails and handing over their details.
By providing your staff with regular security awareness training and simulated phishing, you can avoid the time and money lost to expensive breaches and protect your business's reputation.