The total number of phishing attacks across the world has risen every year for the past decade. As we spend more of our lives online and are constantly plugged into email, phishing has become a favorite method for attackers to steal personal information.
Whether it be within businesses or directed at individuals, phishing is incredibly common. In fact, the total number of phishing cases in the United States hit an all-time high back in December of 2021, with the total being three times the highest number recorded in 2020.
While many people around the globe still fall for phishing scams, many can be defeated with a little common sense and hesitation. Knowing this, attackers have begun to adapt their approach over the last few years, moving into a territory of attack which is known as Spear Phishing.
What’s The Difference Between Phishing and Spear Phishing?
While both of these attacker tactics focus on using email as a method of communication to lure individuals into giving up sensitive data, they start from different origin points. In general phishing, the email is often produced at scale, sent out to potentially thousands of individuals seemingly at random.
With phishing, hackers take a more-is-more approach, hoping that one of their emails falls into the right (or wrong) hands. There is little pre-investment with phishing, as all that a hacker needs to do is clone a website and then structure a short email that directs potential recipients to the false page.
Spear phishing, on the other hand, is a directly targeted form of phishing attack. While attackers will still be sending an email out to their recipient, they will be focusing on one specific company, or potentially one particular individual. After they establish who they're going to target, they'll then collect information about that person in order to craft a phishing email that provokes more of an emotional response.
An example of this is a campaign in which attackers targeted parents with an email that seemed to be sent from the National Center of Missing Children asking for help with a search. This triggered an emotional response in parents, which led to a much higher engagement rate, and their rapid response put their information in danger.
This case of spear phishing was so pronounced that the American Cybersecurity & Infrastructure Security Agency actually had to put out an announcement asking people to stop falling for the scam.
How Does Spear Phishing Work?
The key difference between spear phishing and traditional phishing is the amount of detail in the email. Of course, if an attacker needs to craft an email with lots of detail, they need to conduct extensive research on their targets. A bare-bones attack email might include the person's name, where they work, and their role, all of which is fairly easy information to find.
Especially with the popularity of a service like LinkedIn, you can get all of the above information about someone by simply clicking on their profile. Often, you'll even be able to find their email address here. With this in mind, the bare bones are typically not nearly specific enough for a successful spear phishing email, so attackers spend more time collecting information.
For example, a person's likes and dislikes, their hobbies, or even their family structure are common points of focus. The more information an attacker can collect on an individual, the more detailed and realistic they can make their phishing email.
How To Protect Yourself From Spear Phishing
Although spear phishing is often more successful than generalized phishing attempts, that doesn't mean there is nothing you can do to protect yourself. In fact, there is a range of common tactics that you can use to keep your accounts safe from spear phishing.
Here are three effective tactics that can help keep you safe when online:
- Limiting Public Information
- Security Defense Tools
- Common Sense
Let’s break these down further.
Limit Public Information
The whole operation of spear phishing focuses on information. With this in mind, the very best method that you can use to protect yourself from effective spear phishing attempts is to be very careful about what you put out on the internet. If attackers are looking for your personal information, then any open social media websites that you have will instantly become a valuable pool of information.
While we’re not suggesting you put your whole online life on hold, if you introduce some privacy filters, then your information is significantly harder to find and access. With this, it’ll be much harder for an attacker to gather information about you, keeping you safe.
Invest in Security Defense Tools
Turning to the plethora of security defense tools for email that are available is a great way of limiting the number of phishing emails that even end up in your inbox. Of course, if fewer emails manage to break through, then you'll have a much lower chance of falling for one.
Lowering your exposure by employing email firewalls is a great way of limiting risk.
Use Common Sense
Although perhaps not the most useful tip there is, reminding yourself to take a moment to validate any communications that you receive can go an incredibly long way. Human intelligence is the single best defense against any form of phishing attack, according to Cofense.
Always take those extra five seconds to think about whether the link you're about to click on or the file you're about to download is coming from a reputable source. Action bias, our tendency to act immediately, is an attacker's most valuable tool.
When preventing spear phishing and many forms of cybercrime, common sense should be your leading voice.
Originally posted 2022-09-14 17:34:51.