k_Street Consulting, LLC Blog

Taking an Exploratory Stab at Spear Phishing

Taking an Exploratory Stab at Spear Phishing

Chances are, you’ve heard of “phishing” - a cybercriminal’s scam that steals data, access credentials, and other sensitive information by fooling a user into thinking they are providing this information to someone who is supposed to have access to it. However, there are a few different kinds of phishing, based on how it is carried out. Here, we’ll discuss the realities of spear phishing, and the risks it poses to your business.

What Makes Spear Phishing Different?

As a rule, spear phishing is a much more precise and personalized process. To keep to the “fishing” analogy, a generalized phishing campaign casts a wide net, trying to snare as many victims as possible with their scam. Utilizing vague and generic language, the ‘typical’ phishing attack is made to appear to come from a large organization, informing the user of some need for the user to take action, resulting in the hacker gaining access to the user’s information. This methodology makes the typical phishing attack fairly effective against many people, while simultaneously easier to spot if one knows the warning signs.

By comparison, spear phishing is far more precise. Instead of trying to find value in the quantity of targets snared in a trap, spear phishing takes the opposite tack. Using a highly targeted approach, spear phishing attacks are directed toward a specific individual within an organization.

This specified approach means that the generic messages that many phishing attempts leverage simply won’t be enough to fool the intended target. Instead, the hacker has to play investigator, seeking out as much information as they can about their intended target. Where do they work? What is their position in the company? Who do they frequently communicate with? Once the hacker has collected enough information to create a convincing message, they will typically spoof an email to their target. This email will usually contain some reference to a known contact or some in-progress project to make it more convincing and will request that the recipient download a file via a provided link.

However, while the link will direct to what appears to be a Google Drive or Dropbox login page, it is just another layer to the deception. Entering credentials into this page will give them right to the hacker for their use, breaching the user’s security and putting the entire business at risk in one fell swoop.

What Methods Do Spear Phishers Use?

Due to how spear phishing works, the messages sent by hackers need to be as convincing as possible. Combining extensive research with some practical psychology, a hacker has more ammunition to power their attacks.

As mentioned above, spear phishing is far less generic than the average phishing attempt. By referencing specific people, things, and events that mean something to the target, or appearing to come from an internal authority (a manager, perhaps, or even the CEO), the hacker can create a message that is less likely to be questioned. If the hacker writes their messages without any spelling or grammatical errors, as many spear phishers do, it only becomes more convincing.

These hackers are so reliant upon their target being fooled; many will purchase domains that strongly resemble an official one. For instance, let’s say you owned the domain website-dot-com. If a hacker decided to pose as you to launch a spear phishing attack, they might purchase the domain vvebsite-dot-com. Without close inspection, the switch may not be noticed - especially if the hacker creates a good enough lookalike website.

Am I A Target?

Of course, the research that a hacker has to do to successfully pull off a spear phishing attack is extensive - not only do they have to identify their target, they also have to figure out the best way to scam this target. Generally speaking, a hacker seeking to leverage spear phishing will focus their efforts on anyone in an organization who could potentially access the information that the hacker wants but isn’t high up enough in the organization to question an assignment from above.

Or, in more certain terms, a business’ end users.

In order to minimize the chances that a spear phishing attack will be successful against your company, you need to make sure that everyone subscribes to a few best practices. For example:

  • Pay attention to the finer details of an email. Is the message actually from , or does the email address actually read ? Did Christine/Kristine include any attachments? As these can be used to spread malware via email, you should avoid clicking on them unless you are certain the message is legitimate.

  • Is the message written to sound overly urgent? Many phishing messages, especially spear phishing messages, will try to push an action by making it seem as though inaction will lead to a critical issue. Another warning sign to look out for: any deviation from standard operating procedures. Don’t be afraid to question a sudden switch from Google Drive to Dropbox - it may just be the question that stops a spear phishing attack.

  • Speaking of questioning things, don’t hesitate to make sure that any messages you suspect may be spear phishing aren’t actually legitimate through some other means of communication. A quick phone call to the alleged sender will be well worth avoiding a data breach.

While spear phishing is a considerable threat to your business, it is far from the only thing you need to worry about. k_Street Consulting, LLC can help your business secure its IT solutions and optimize them for your use. To learn more, subscribe to our blog, and give us a call at (202) 640-2737.

Cloud Services Can Help You Build a Better Busines...
Keep Your IT Running Smoothly 24/7
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, June 25 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Windows 10s IT Solutions Sync Windows 8 Criminal Smart Tech Proactive IT Computer Care Regulations Computers malware Warranty Fraud Risk Management communications Network Congestion Workforce Money Managed Service Retail Project Management Private Cloud Save Time Customer Service Telephone System Analysis Healthcare Work/Life Balance FENG Cleaning Apps Entertainment Smart Technology Consultant Technology PowerPoint Thank You Frequently Asked Questions Law Enforcement Cortana Default App Data Security OneNote Artificial Intelligence Redundancy Twitter GDPR Tip of the Week Read Emergency Cameras Screen Mirroring Wi-Fi Disaster Recovery Data Management Mobile Device Management Quick Tips ISP Troubleshooting Wireless Technology Business Owner Antivirus Ransomware Users Google Docs IT Management Administrator Gadgets Utility Computing Amazon Update Cybercrime Computer Repair Supercomputer Word Efficiency Email Assessment Net Neutrality Flash Scalability Programming Help Desk Data Storage Knowledge Mobile Devices Managed Service Provider Blockchain Computer Fan Paperless Office Big data Remote Computing travel Hybrid Cloud Display Transportation Addiction Productivity Digital Signature Infrastructure MSP NarrowBand End of Support Data Backup Cybersecurity Biometrics Employer Employee Relationship Microsoft Public Computer Point of Sale ROI Virtual Desktop Connectivity Software as a Service Wireless Internet analytics Managing Stress Statistics IoT Flexibility Recovery Environment Remote Maintenance Benefits Television Upgrade Manufacturing Nanotechnology Social Downtime Maintenance Collaboration Best Available Backup Inventory Relocation Lithium-ion battery Hacking Office Cloud Samsung Google Search Wiring HaaS Root Cause Analysis Sports Workplace Tips People Search Machine Learning Productivity Mobile Unsupported Software Windows 10 Data Recovery Hardware Notifications Computer Accessories Apple Devices Wireless Charging Budget Windows 10 Automation Audit Internet exploMicrosoft Fiber-Optic Augmented Reality Customers Practices Two Factor Authentication Hosted Computing File Versioning Enterprise Content Management Shadow IT Legal Start Menu Government IT Plan Business Technology User Error Hiring/Firing Domains Health Voice over Internet Protocol Human Resources Software Business Continuity Education CrashOverride Alert Streaming Media Colocation Strategy Phishing Virtual Reality Hard Drives Evernote User Tips Content Filtering Safe Mode Facebook Google Phone System Worker Specifications iphone Mouse Vendor Management Hring/Firing Security Cameras Mobile Device webinar Intranet Marketing Physical Security Windows 7 HVAC Remote Worker IBM Remote Monitoring Operating Systems Solid State Drive Content IT Support Comparison Pain Points Company Culture Office Tips Encryption Excel Settings PDF Battery Managed IT Services Proactive Maintenance Theft History Unified Threat Management How to Logistics Internet Exlporer Distribution Website Outlook Accountants Tools Scam Employee Vendor Experience Online Currency Skype Shortcut IT Support Operating System Information Technology Printer Server Conferencing Entrepreneur 5G OLED Electronic Health Records Data storage Data Protection Professional Services Amazon Web Services IT Services Passwords Authentication Keyboard Chrome Cables Regulation Business Social Networking IT Consultant Data Breach Administration Network Credit Cards Business Intelligence BYOD Analytic Current Events Bloatware Leadership Saving Time Office 365 Windows Media Player Digital Payment Computer IaaS Value Remote Work Thought Leadership Managed IT Access Control Tech Support Tablet Laptop Safety Router The Internet of Things Running Cable Servers Distributed Denial of Service Android Mobility Microchip Internet of Things Techology Biometric Security Bing Mobile Computing Data loss Mobile Office Social Media Robot Chromecast Security User Touchscreen Compliance Smart Office Smartphone Spam Blocking Video Games Cryptomining Patch Management Emails Rootkit Tech Term App Camera DDoS Training CES Gmail Analyitcs WIndows 7 E-Commerce Innovation Hackers Save Money Identity Theft Proactive Meetings IT solutions Network Security Insurance Password Management Customer Relationship Management Cache Computing Infrastructure Instant Messaging Best Practice Telephone Systems VPN Advertising Employer-Employee Relationship Business Computing BDR Managed IT Services Windows Server 2008 eWaste Content Filter Archive Books Social Engineering Multiple Versions Cloud Computing WiFi Uninterrupted Power Supply Fax Server Miscellaneous Networking Virtual Private Network Virus Files Printers Restore Data Document Management Monitor Google Apps Tip of the week Software Tips Audiobook Business Management Communication Smartphones Memory Tablets Cryptocurrency Backup and Disaster Recovery avoiding downtime Unified Communications Reputation Privacy Trending Server Staff HIPAA Telecommuting Worker Commute Line of Business Congratulations Data Small Business Gaming Console Virtual Assistant Printer USB Online Shopping Millennials Multi-Factor Security Holiday Electronic Medical Records Students Spam Remote Monitoring and Maintenance Recycling Hosted Solutions Virtualization Database Cast Humor YouTube Shortcuts Applications Hosted Solution Hacker Going Green Outsourced IT Business Mangement Storage Charger Black Market Product Reviews Search Engine Password Application IT service Investment How To Digital Signage Internet Bandwidth Cabling Wire Best Practices Employee/Employer Relationship Loyalty Bluetooth Wearable Technology Smartwatch File Sharing LinkedIn IT Infrastructure SaaS Workers Information Windows Browser Public Cloud eCommerce Lifestyle SharePoint Two-factor Authentication Webinar Saving Money Cost Management Bring Your Own Device Google Drive Microsoft Office Firewall Data Warehousing Content Management Vulnerability Science Wireless Botnet Music Password Manager HBO VoIP Automobile NIST Telephony Politics Netflix Touchpad

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *