Argentum IT LLC Blog

Poking at Spear Phishing

Poking at Spear Phishing

Hopefully, you’ve heard of phishing at this point: the method cybercriminals use to scam their targets by impersonating someone that their targets would trust, requesting access credentials or other sensitive information. Did you know that there are specific kinds of phishing? Here, we’ll review one of the biggest risks to your business... spear phishing.

What’s the Difference Between Phishing and Spear Phishing?

In a word, personalization. Your typical phishing campaign, in keeping with the analogy, casts a wide net to try and catch as many victims as possible. By writing a very vague and generic email that appears to be from some large company or organization, the typical phishing attack can be leveraged against almost anyone with a reasonable chance of success - although this also makes them easier to spot if one knows what to look for.

Spear phishing, on the other hand, goes for quality over quantity. Instead of casting out a wide net to snare a large group, spear phishing requires a focused approach, as it targets a single, influential individual.

In order to do this effectively, a cybercriminal can’t just rely on a generic message. Instead, the hacker will do some digging, finding out everything they can about their target - where they work, who they work with, and what it is that they do. Once they’ve collected the information they need, the hacker will spoof an email - often referencing some project or mutual contact to prove their “legitimacy” - with a link to a downloadable file.

This link will take the recipient to what appears to be a login page for Google Drive or Dropbox, but is actually another part of the hacker’s trickery. Once the user enters their credentials, the scammer has them to use for themselves, completely undermining the user’s security and potentially causing a business crisis.

How Do Spear Phishers Fool People?

There are a variety of ways that hackers can make their messages more convincing, especially when they’re leveraging a spear phishing strategy. These methods combine some practical skills with a bit of psychology, supported by the research that these types of hackers do.

As a result, instead of the phishing message being vague and generic, it might reference actual events, people, and things relevant to the target. They will often be spoofed to appear to come from an authority figure, like a manager or the CEO, to encourage the recipient to do as the email says without really thinking about it or questioning it too much. Unlike many other phishing messages, spear phishing messages are typically well written, without spelling or grammar errors.

These cybercriminals can be especially devious and will even buy close-match domains to make their attacks that much more convincing.

Let’s say that you owned the domain example-dot-com. Someone trying to phish someone else by posing as you could purchase their own domain, example-dot-com. Looks the same, but by using a capital “i” instead of a lowercase “l”, the phisher can create a lookalike site that truly appears to be legitimate.

Who Do Spear Phishers Target?

This is one of the main reasons that spear phishing requires so much research - not only does the hacker have to identify who they are going to target; they have to also identify the best way to scam them. As a general rule, however, spear-phishing attackers will target those people in an organization who have access to the information that the phisher wants, but not enough clout to question a request from (what appears to be) up the chain of command. In other words, a business’ end users.

So, what can you do to prevent spear phishing from impacting your business? There are a few things:

  • Check to make sure everything about an email is as it should be. Is the sender actually , or is it ? Are there any files included with the email? They could be a means of installing some kind of malware, so avoid clicking on them.
  • Take any urgency in the message with a grain of salt. Many hackers will make their messages sound more urgent in the attempt to scare their targets into action. You should also keep an eye out for any changes in standard operating procedures as well… like if your company typically utilizes Google Drive to share files, but you’re being asked to download a file from Dropbox instead.
  • Make every effort to confirm any messages you find suspect through another means. The few moments it takes to pick up the phone and ask the person who seems to have sent an email will be well worth it if it helps you avoid a data breach.

Threats like spear phishing are just the start of a business’ security concerns. For more assistance with your business’ IT and its security, subscribe to our blog, and give Argentum IT LLC a call at (502) 473-6407.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, June 20 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Cloud Network Security Privacy Hackers Business Computing Internet Software Malware Hosted Solutions Productivity Google Backup Innovation Mobile Devices Microsoft Business Productivity User Tips Disaster Recovery Efficiency Computer IT Services Hardware Business Management Email communications Data Backup Business Continuity Data Recovery Outsourced IT Data Windows 10 Managed IT Services VoIP Smartphone IT Support Cybersecurity Upgrade Small Business Tech Term Internet of Things Miscellaneous Workplace Tips Browser Smartphones Android Communication Mobile Device Management Apps Windows Phishing Ransomware Saving Money Windows 10 IT Support Office 365 Virtualization BDR Cybercrime Employer-Employee Relationship Managed Service Provider Server Automation Passwords Save Money Cloud Computing Network Mobility Data Security Information Technology Holiday Best Practice Alert Operating System Gadgets Managed IT Services Law Enforcement Spam Microsoft Office Managed IT Application Collaboration Mobile Computing Risk Management Artificial Intelligence Users Social Media Health Chrome Office BYOD Telephone Systems Quick Tips Hosted Solution Money Hacking Wireless Data Management Budget Password Vulnerability Remote Computing Applications IT solutions Recovery Facebook Computers Office Tips Cost Management Telephony Firewall The Internet of Things Avoiding Downtime Saving Time Information Work/Life Balance Bandwidth Proactive IT Business Technology Unsupported Software WiFi Wi-Fi Education Remote Monitoring App Wireless Technology Encryption Data Breach Antivirus Update Router Networking SaaS Two-factor Authentication Government Google Drive Gmail Social Social Engineering Shortcut Personal Information Word VPN Politics OneNote Tech Support Marketing History Streaming Media USB Data Protection Lithium-ion battery Blockchain Hacker Travel Meetings Big Data Current Events Instant Messaging Mobile Device Conferencing Excel Managed Service Printing Audit User Error Identity Theft HaaS Project Management Battery Bring Your Own Device Value Private Cloud Flexibility Cleaning Compliance Search Network Congestion Redundancy Content Filtering MSP Maintenance Hybrid Cloud Computer Care Customer Service Employee-Employer Relationship Television Vendor Management Touchscreen IT service Sports Automobile Paperless Office Fraud Samsung Internet Exlporer DDoS Transportation Management File Sharing End of Support Hard Drives Virtual Private Network Data Storage Phone System Tablet Computer Accessories IT Management Robot Access Control Scam Cortana Proactive Unified Threat Management Legal Benefits Software as a Service Save Time Downtime Mobile Security Humor Apple Analytics Retail Going Green Augmented Reality Entertainment Storage Wireless Charging Data Loss iPhone Virtual Reality Human Resources intranet Commerce Disaster Voice over Internet Protocol Patch Management eWaste Devices Solid State Drive Evernote Google Assistant Google Docs Data Privacy Windows 7 Sabotage iOS Mobile IT Technicians ROI Best Available Administration Point of Sale Science Machine Learning PDF Buisness e-waste IT solutions Outlook Spyware Shadow IT Memory Keyboard Shortcuts SharePoint Comparison Computing Employee HBO Workers Monitoring Scalability Bloatware Accessory Smart Technology Microsoft Excel Credit Cards Hard Drive Avoid Downtime Electronic Medical Records Display PC Computer Fan Professional Services Windows Ink IT budget Colocation Managed IT Service Analysis Text Messaging Experience Testing 5G Windows 10s Regulation Laptop Students Payroll Settings Teamwork Specifications WPA3 Backup and Disaster Recovery Business Intelligence Updates How To Keyboard Computer Forensics Peripheral Nanotechnology Bluetooth Virus Biometrics Wearable Technology Files FAQ Chromebook Video Games Co-Managed Services Trending Google Maps Document Management Wasting Money Sales App store Camera YouTube Hard Disk Drive Sync Touchpad Smartwatch Edge Customer Relationship Management Unified Communications SMB Training Uninterrupted Power Supply File Storage Break/Fix Distributed Denial of Service Microsoft Word Financial Technology Hiring/Firing Domains PowerPoint Root Cause Analysis Fax Server Advertising Screen Mirroring Running Cable Chromecast Charger Smart Tech Safety Telephone Dark Web Identities Amazon Music Projects Employees Adobe Server Maintenance User Tablets Ciminal Reputation Managing Stress Financial Remote Workers Company Culture Mouse Medical IT Emails WIndows Server 2008 Data storage Device Security Wireless Internet Admin Employer Employee Relationship Lifestyle Websites Upgrades Cast Administrator Connectivity Emergency Branding Hyperlink IoT Virtual Assistant E-Commerce Gifts Identity Books OneDrive Licensing Investment NFL Virtual Desktop Security Cameras HIPAA Vendor Webinar Black Market Gamification Utility Computing Legislation Data Theft Consultant Access Content Filter Wasting Time WannaCry Language Worker Commute Alexa for Business Payment Cards Worker Twitter Monitors Partnership Cache Relocation Printers CrashOverride

Recent Comments

No comments yet.