Hacking, including spear phishing are at an all-time high. In fact, every 39 seconds, a hacker successfully steals data and personal information.
Both individuals and companies are at risk of suffering from compromised data, and the higher up in a company you work, the more likely you are to experience a hack.
Spear phishing a popular type of phishing attack where the hacker targets a specific individual.
This is a sophisticated attack that often involves an email appears to come from a trusted person or company, and may even include personal information that lends an air of legitimacy.
Here’s what you need to know about spear phishing:
Spear Phishing Is on the Rise
Becoming increasingly common, spear phishing is the secret weapon of cyber attacks.
According to a study conducted by Vanson Bourne, 38% of cyberattacks involved spear phishing last year. Some of the most high-profile attacks were started as a spear phishing hack.1 out of 99 emails is a phishing email. And from 2016 to 2017, phishing attacks have increased to 65%. Find out how to avoid these common scams.Click To Tweet
Spear phishing hackers take the time to learn about their potential victims, thereby increasing their chances of success.
Hackers use extensive research to build a narrative that’s credible. They use social media, company websites, and platforms like LinkedIn to discover as much as they can about their victims.
Once they’ve built a complete picture, they can leverage that information to appeal to the victim.
They might use detailed information about the victim’s banks, details about family and friends, current business happenings, or a recent purchase they’ve made.
Real-World Examples of Spear Phishing
The largest known case of wire fraud is a direct result of spear phishing, for example. The breach happened to Ubiquiti Networks, whose company lost $46.7 million after a hacker impersonated a high-ranking executive to authorize a wire transfer that belonged to the hacker.
Though the company was able to secure $8.1 million back from banks in Hong Kong, it was still a major loss for them.
Commodities trader The Scoular Co is one of Omaha, Nebrask’s oldest companies. They were scammed out of $17.2 million over the course of several wire transfers.
The first email was supposedly from the company’s CEO, and mentioned that Scoular had plans to purchase a company in China.
Although the email address was not the correct email of the CEO, it’s clear the hacker did thorough research and had extensive knowledge about company proceedings.
The hacker warned the recipient to not discuss the deal through other channels in order to comply with SEC regulations.
At the time, Scoular was in talks about expanding in China, which made the email seem more realistic and authoritative.
What Happens With a Spear Phish Attack?
Clicking on a link inside a spear phishing will often inject malware into your system, which makes ransomware, identity loss, and data theft possible.
In many cases, a spear phish attempt is all about tricking an employee into thinking the email is coming from a reputable sender, ultimately to initiate a wire transfer.
The “from” part of an email is often changed in a very subtle way that is difficult to detect. For example, the letter “W” might be replaced with the Russian character “ш”
How to Prevent a Spear Phishing Attack
Throughout this article, you learned how effective a phishing attack can be. It’s difficult to detect a phishing scam, but it’s possible.
And there are several things you can do to prevent a spear phishing attack. For starters, if your software allows for it, enable multi-factor authentication to add an additional layer of security.
It’s especially important that you train your staff, considering that 90% of business breaches are successful. Security awareness training can make all the difference to how your staff perceives a potential threat.
More employees need to have a thorough understanding of how serious phishing is becoming. In many spear phishing cases, simply double-checking the email to ensure it’s coming from a legitimate staff member can avoid this scam.
Image credit: Unsplash by Mohamed Ahzam @mohamed_ahzam
Latest posts by Dana Davis (see all)
- Cyber Security in the Age of COVID-19: Protecting Your Business from a Data Breach [Infographics] - October 26, 2020
- Understanding How Innovation Creates Successful Businesses [Infographics] - August 19, 2020
- Simple Tips for Improving Your Content Marketing Strategy - August 17, 2020