k_Street Consulting, LLC Blog

Taking an Exploratory Stab at Spear Phishing

Taking an Exploratory Stab at Spear Phishing

Chances are, you’ve heard of “phishing” - a cybercriminal’s scam that steals data, access credentials, and other sensitive information by fooling a user into thinking they are providing this information to someone who is supposed to have access to it. However, there are a few different kinds of phishing, based on how it is carried out. Here, we’ll discuss the realities of spear phishing, and the risks it poses to your business.

What Makes Spear Phishing Different?

As a rule, spear phishing is a much more precise and personalized process. To keep to the “fishing” analogy, a generalized phishing campaign casts a wide net, trying to snare as many victims as possible with their scam. Utilizing vague and generic language, the ‘typical’ phishing attack is made to appear to come from a large organization, informing the user of some need for the user to take action, resulting in the hacker gaining access to the user’s information. This methodology makes the typical phishing attack fairly effective against many people, while simultaneously easier to spot if one knows the warning signs.

By comparison, spear phishing is far more precise. Instead of trying to find value in the quantity of targets snared in a trap, spear phishing takes the opposite tack. Using a highly targeted approach, spear phishing attacks are directed toward a specific individual within an organization.

This specified approach means that the generic messages that many phishing attempts leverage simply won’t be enough to fool the intended target. Instead, the hacker has to play investigator, seeking out as much information as they can about their intended target. Where do they work? What is their position in the company? Who do they frequently communicate with? Once the hacker has collected enough information to create a convincing message, they will typically spoof an email to their target. This email will usually contain some reference to a known contact or some in-progress project to make it more convincing and will request that the recipient download a file via a provided link.

However, while the link will direct to what appears to be a Google Drive or Dropbox login page, it is just another layer to the deception. Entering credentials into this page will give them right to the hacker for their use, breaching the user’s security and putting the entire business at risk in one fell swoop.

What Methods Do Spear Phishers Use?

Due to how spear phishing works, the messages sent by hackers need to be as convincing as possible. Combining extensive research with some practical psychology, a hacker has more ammunition to power their attacks.

As mentioned above, spear phishing is far less generic than the average phishing attempt. By referencing specific people, things, and events that mean something to the target, or appearing to come from an internal authority (a manager, perhaps, or even the CEO), the hacker can create a message that is less likely to be questioned. If the hacker writes their messages without any spelling or grammatical errors, as many spear phishers do, it only becomes more convincing.

These hackers are so reliant upon their target being fooled; many will purchase domains that strongly resemble an official one. For instance, let’s say you owned the domain website-dot-com. If a hacker decided to pose as you to launch a spear phishing attack, they might purchase the domain vvebsite-dot-com. Without close inspection, the switch may not be noticed - especially if the hacker creates a good enough lookalike website.

Am I A Target?

Of course, the research that a hacker has to do to successfully pull off a spear phishing attack is extensive - not only do they have to identify their target, they also have to figure out the best way to scam this target. Generally speaking, a hacker seeking to leverage spear phishing will focus their efforts on anyone in an organization who could potentially access the information that the hacker wants but isn’t high up enough in the organization to question an assignment from above.

Or, in more certain terms, a business’ end users.

In order to minimize the chances that a spear phishing attack will be successful against your company, you need to make sure that everyone subscribes to a few best practices. For example:

  • Pay attention to the finer details of an email. Is the message actually from , or does the email address actually read ? Did Christine/Kristine include any attachments? As these can be used to spread malware via email, you should avoid clicking on them unless you are certain the message is legitimate.

  • Is the message written to sound overly urgent? Many phishing messages, especially spear phishing messages, will try to push an action by making it seem as though inaction will lead to a critical issue. Another warning sign to look out for: any deviation from standard operating procedures. Don’t be afraid to question a sudden switch from Google Drive to Dropbox - it may just be the question that stops a spear phishing attack.

  • Speaking of questioning things, don’t hesitate to make sure that any messages you suspect may be spear phishing aren’t actually legitimate through some other means of communication. A quick phone call to the alleged sender will be well worth avoiding a data breach.

While spear phishing is a considerable threat to your business, it is far from the only thing you need to worry about. k_Street Consulting, LLC can help your business secure its IT solutions and optimize them for your use. To learn more, subscribe to our blog, and give us a call at (202) 640-2737.

Cloud Services Can Help You Build a Better Busines...
Keep Your IT Running Smoothly 24/7
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, August 25 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Access Control Video Games Public Cloud Advertising Cortana Server Read Machine Learning Streaming Media Connectivity Loyalty Windows Google Search Distributed Denial of Service Music Customer Service Robot Gmail Frequently Asked Questions Mobile Content Management Smart Devices Communication Tip of the week IT Consultant Training Hypervisor Television Wiring 5G Enterprise Content Management Safety Audiobook IT service Administrator Collaboration Law Enforcement Regulations Cybercrime Microsoft Office Storage Hosted Solutions Product Reviews Bloatware Fiber-Optic Project Management Inventory Human Resources Logistics History Physical Security Printer Science Government Bring Your Own Device Cryptomining Information Technology Emails Staff Virtual Desktop Recovery Legal Spam Data Recovery Voice over Internet Protocol User Tips Social Engineering Scam Computer Fan Touchpad Windows 10s Keyboard Data iphone Data loss Mouse Techology Hard Drives Managed Service Azure Money Memory Running Cable Tech Term Internet Operating System Black Market Data storage Mobile Device Wireless Technology Criminal Work/Life Balance Data Security Password Manager Chrome Knowledge Financial Social Root Cause Analysis Budget Devices Computer Care Colocation Proactive Maintenance Security Cameras Charger Camera Laptop Remote Worker Start Menu Investment Nanotechnology Authentication Office Tips Domains Tech Support Smartphone Multi-Factor Security Hiring/Firing Netflix Remote Computing End of Support Current Events Network Congestion Shortcut Education Software as a Service Display IT Management Managed Services Provider Microsoft Webinar Redundancy Point of Sale Programming Analyitcs Wireless Gaming Console Rootkit Computing Infrastructure IT Services Touchscreen Downtime Monitor Bluetooth Accountants Online Currency Personal Information Windows Media Player PowerPoint E-Commerce webinar Users Environment VPN Help Desk Consultant Utility Computing Search Engine Paperless Office PDF Tablet Virus Solid State Drive RMM Emergency Customers Healthcare Networking avoiding downtime Email Restore Data Business Continuity Infrastructure Assessment Compliance Printer Server Samsung Net Neutrality Practices Lifestyle Software Tips Word Ransomware Social Media Vulnerability Search Business Technology Patch Management Google Apps Electronic Health Records Hackers Data Warehousing Gadgets GDPR WIndows 7 Health Remote Monitoring Managing Stress Data Management SharePoint Electronic Medical Records Computer Accessories Wireless Internet Workforce Troubleshooting HBO MSP Microchip Google Drive Online Shopping Password Holiday Maintenance Passwords Going Green Remote Maintenance Regulation Saving Time Managed IT Services Google Data Backup Analysis Security Cybersecurity Proactive IT HaaS Workers Productivity IT Solutions LinkedIn Thank You IaaS Telephone Systems USB User Error OLED BYOD Archive User Audit Managed IT Services Best Available Analytic Website Outsourced IT Privacy Employer Employee Relationship Botnet Chromecast Worker Office Cryptocurrency Business Mangement How to Hacker Two Factor Authentication Router Windows 10 Skype Virtual Reality Information Upgrade Windows 8 Millennials Save Time Recycling Content Hybrid Cloud travel Facebook Administration Procurement Processor malware Conferencing Experience Cleaning IT Plan Professional Services Save Money Retail Pain Points Automobile Sync Entrepreneur Firewall Tablets Vendor Virtual Machine Warranty Transportation Innovation Credit Cards Spam Blocking Meetings BDR Line of Business Screen Mirroring Phone System Managed IT Specifications Wi-Fi Quick Tips Settings Telephone System VoIP Unsupported Software Safe Mode Shadow IT Automation Reputation Private Cloud Saving Money Bandwidth Technology Mobile Device Management Wearable Technology Database Best Practices Multiple Versions Business Management Business Intelligence Android Lithium-ion battery Amazon Web Services Office 365 Update File Versioning Statistics Twitter Social Networking Worker Commute Uninterrupted Power Supply communications Smartwatch Trending Data Storage Backup Wireless Charging Cast IT Support Supercomputer Small Business eCommerce Bing Outlook Value Unified Communications Computers Mobile Computing Mobility Network Security Apple Encryption Mobile Office Vendor Management The Internet of Things Flash Notifications Phishing Virtualization analytics Business Owner Cloud IT solutions Congratulations Remote Monitoring and Maintenance Cameras IoT IT Support Cabling Company Culture Internet Exlporer Data Protection Digital Signage CrashOverride Big data Strategy Windows Server 2008 Hard Drive Instant Messaging Hosted Computing Sports Managed Service Provider Marketing WiFi Unified Threat Management App Windows 7 Theft HIPAA Smart Technology HVAC Digital Signature People Tip of the Week Fax Server Cables Telecommuting File Sharing Smart Office Workplace Tips Excel Hring/Firing Content Filtering NarrowBand Comparison How To Flexibility Distribution Manufacturing Virtual Private Network Alert Hardware Public Computer Servers Operating Systems Internet of Things YouTube Humor Printers Employee Proactive Miscellaneous Leadership Thought Leadership Employee/Employer Relationship Artificial Intelligence Benefits Best Practice Entertainment Biometric Security Tools Augmented Reality Hosted Solution Internet exploMicrosoft Application Students Biometrics Books Relocation Productivity Fraud SaaS Default App Hacking Browser NIST Addiction Remote Work Efficiency OneNote Windows Server 2008 R2 Business Antivirus eWaste Battery Telephony Password Management ISP IT Infrastructure ROI DDoS Politics Intranet Backup and Disaster Recovery Mobile Devices Two-factor Authentication Insurance Document Management FENG Amazon Windows 10 Computer Repair Evernote Cloud Computing Network Customer Relationship Management Computer Applications Files Blockchain Content Filter Apps Risk Management Software Data Breach Google Docs Shortcuts CES Identity Theft Wire Smart Tech Digital Payment Employer-Employee Relationship Scalability Smartphones Business Computing IBM Cost Management Virtual Assistant Cache Disaster Recovery

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *