June 9, 2016

Spear phishing is a form of cyber-attack targeted towards an individual or organization to obtain confidential information. It is a social engineering technique that involves sending a spoofed email, which appears or claims to be from a legitimate source, asking the user to visit a website or click on a link. Though often intended to steal data that can be further used to initiate an attack, cyber criminals may also use spear phishing to install malware on the victim’s computer system.

Key Characteristics Of A Spear Phishing Attack

  • Multi-Course Threat: Spear phishing uses a combination of spam emails, zero-day application vulnerabilities, spoofed website URLs and add-on downloads to circumvent detection by security software.
  • Leverages Unknown Software Vulnerabilities: In a spear phishing attack, hackers tend to exploit unknown security loopholes in the users’ browsers, applications and plug-ins.
  • Lacks Spam Characteristics: The cybercriminals usually send personalized emails to the target users, hence making them different from the prevalent high-volume security attacks. Therefore, the anti-virus and anti-spyware programs are less likely to perceive these emails as a threat.

How Does Spear Phishing Work?

In order to launch a spear phishing attack, the hacker first needs to gain some insight into the target user so that a personalized email can be crafted. The information is often gathered from the user’s social media profiles and posts. The hacker then sends a well-crafted email to the user, often claiming to be from a bank or other authorized entity, prompting the user to take an action. This may involve:

  • Clicking on a link that redirects to a fake website asking the user to enter their user ID, password, bank account number, social security number etc.
  • Downloading attachments, usually PDFs, Office documents, zip folders or executable files, which install malware on the user’s computer.

The content of a spear phishing email is highly customized to convince the user of the sender’s authenticity and increase the likelihood of exploitation.

Tips To Protect Against Spear Phishing Scams

  • Make sure you do not provide any personal information in an email. Most companies and financial institutions do not ask for such details in an email.
  • Never click on links embedded in an email. Instead, type the URL manually in your browser’s address bar.
  • Keep your security software, browsers and applications updated to the latest version. An obsolete program is more likely to be targeted by the cybercriminals.

Centex Technologies provides complete IT support to the businesses in Central Texas. For more information, feel free to call us at (855) 375 – 9654.