What is it?
Spear Phishing is the use of cleverly crafted and targeted emails or social media messages that are designed to trick the user into performing an action such as clicking on a link or opening a file.
How does it work?
Attackers will send an email that is engineered to look legitimate and from a trusted source, often indecipherable from a normal email to the untrained eye. This email will be designed to entice the user to open a file that contains a malware infection, or click on a link that will drive the user to a web site. This web site may be infected with malware, or will ask the user to login using their credentials. For example, an attacker may send a phishing email targeted at businesses listed as customers by ABC Business Bank. The email will look like other emails from ABC Business Bank, and it will ask the user to visit the site to check on their account. Someone from accounting sees this and when that user clicks the link, they are taken to a site that looks exactly like ABC Bank. They enter their username and password, and attempt to enter the site. At this point the attacker now has the user’s credentials to the bank account. They can login and transfer money before the user is aware anything is happening. This can also happen with personal accounts.
Should I be worried?
Spear Phishing is the leading source of successful infection found in the wild today. The technique’s success insures it will continue.
How can I prevent it?
Train your users. Make your users aware of the threat. Teach them to never visit a site via an email link. Always type the URL address of the web page home directly. Use cloud-based security tools. Cloud-based email, web filtering and endpoint protection can allow you to ensure that the user does not receive these targeted messages. If they do web filtering and endpoint protection can help to block the threat from being successful. Use multi-factor Authentication. Many sites now offer multi-factor authentication. Enable this useful feature for all accounts where it is available to provide a huge boost to the password security. Have a plan in place. Analyze the different scenarios that could occur in relation to this and have a plan for what steps should be taken, should a user fall victim to an attack.