Originally posted on https://www.bestructured.com/spear-phishing-part-1/
As we know it today, Phishing has become one of the most commonly used tactics by the Cyber attacker in order to garner personal information and data. This primarily involves our physical addresses, E-Mail addresses, credit card numbers, banking and other types of financial information; Social Security numbers, etc.
Phishing involves sending an E-Mail, either with a malicious file (such as those .DOC and .XLS), or link. Once the victim has downloaded the files or clicked on the link, then the malware (most likely a Trojan Horse) spreads itself onto the computer or wireless device of victim.
Generally, Phishing attacks involve sending mass E-Mails out; in other words, there is not one targeted individual or organization. Whatever contact information the Cyber attacker can get their hands on is used. Although lately, there appears to be a new trend developing: a tactic known as “Spear Phishing”.
It can be defined specifically as follows:
“It is a phishing method that targets specific individuals or groups within an organization. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss.”
Thus, in these instances, the Cyber attacker has already done their research ahead of time and knows who or what they want to specifically target. In a way, this is similar to that of Business E-Mail Compromise (BEC) attack, in which the C-Level executive is primarily targeted to transfer funds.
In this blog, we examine the recent trends of Spear Phishing attacks.
Just consider some of these alarming statistics:
So, how is the Cyber attacker so successful when launching these kinds of campaigns? First, they are consistently sharpening and refining their skills in conducting the research needed in order to launch a laser focused attack. Second, the Cyber attacker does not rely upon fancy technology in order to execute a Spear Phishing campaign. Rather, they rely upon the old the old-fashioned techniques of Social Engineering in which to thrust their attacks forward.
The Cyber attacker demonstrates a considerable amount of patience. For instance, they spend an enormous of time researching their primary target. They are in no rush to get this task accomplished. The more accurate the information that they have, the greater the statistical probability that their well-crafted E-Mail will make it through the Spam Filters.
They often rely upon Social Media sites that the individual or even the organization uses. They try to glean as much contact information as possible. Also, the use of Internet based background searches is a commonly used tool as well.
Our next blog will examine the specific areas of interest that a Cyber attacker targets in their Spear Phishing campaigns.
Information contained on this page is provided by an independent third-party content provider. Frankly and this Site make no warranties or representations in connection therewith. If you are affiliated with this page and would like it removed please contact firstname.lastname@example.org