Phishing

Introduction to Spear Phishing

As we know it today, Phishing has become one of the most commonly used tactics by the Cyber attacker in order to garner personal information and data.  This primarily involves our physical addresses, E-Mail addresses, credit card numbers, banking and other types of financial information; Social Security numbers, etc.

Phishing involves sending an E-Mail, either with a malicious file (such as those .DOC and .XLS), or link.  Once the victim has downloaded the files or clicked on the link, then the malware (most likely a Trojan Horse) spreads itself onto the computer or wireless device of victim.

Generally, Phishing attacks involve sending mass E-Mails out; in other words, there is not one targeted individual or organization.  Whatever contact information the Cyber attacker can get their hands on is used. Although lately, there appears to be a new trend developing:  a tactic known as “Spear Phishing”.

A Definition

It can be defined specifically as follows:

“It is a phishing method that targets specific individuals or groups within an organization. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss.”

Thus, in these instances, the Cyber attacker has already done their research ahead of time and knows who or what they want to specifically target.  In a way, this is similar to that of Business E-Mail Compromise (BEC) attack, in which the C-Level executive is primarily targeted to transfer funds.

In this blog, we examine the recent trends of Spear Phishing attacks.

The Trends

Just consider some of these alarming statistics:

  • 77% of the Spear Phishing attacks are laser focused – targeting only 10 E-Mail inboxes, and only 33% of them focused upon just one E-Mail inbox.
  • 47% of Spear Phishing attacks lasted less than 24 hours.  All other types of Phishing schemes lasted at least 30 days or more.
  • Another tactic that the Cyber attacker uses is what is known as the “Drip Campaign”.  For example, 35% of the Spear Phishing attacks lasted at least 12 months or even longer.
  • The Cyber attacker has become even stealthier when it comes to bypassing the E-Mail Spam filters.  In these instances, 20% of Spear Phishing based E-Mails were able to get around these filters, and their way into the inbox.
  • 42% of IT Security professionals consider Spear Phishing to be amongst one of the top 3 Cyber-attack concerns.
  • At least 30% of the Spear Phishing campaigns are deemed to be successful.
  • Compared to a general Phishing campaign, Spear Phishing campaigns are cost 20X per victim, and the return is 40X greater.
  • A Cyber attacker will spend an enormous amount of time also trying to find a hidden “crack” or “hole” in the organization in as a stepping stone to collect the relevant information/data on their victim.

So, how is the Cyber attacker so successful when launching these kinds of campaigns?  First, they are consistently sharpening and refining their skills in conducting the research needed in order to launch a laser focused attack.  Second, the Cyber attacker does not rely upon fancy technology in order to execute a Spear Phishing campaign.  Rather, they rely upon the old the old-fashioned techniques of Social Engineering in which to thrust their attacks forward.

The Cyber attacker demonstrates a considerable amount of patience.  For instance, they spend an enormous of time researching their primary target.  They are in no rush to get this task accomplished.  The more accurate the information that they have, the greater the statistical probability that their well-crafted E-Mail will make it through the Spam Filters.

They often rely upon Social Media sites that the individual or even the organization uses.  They try to glean as much contact information as possible.  Also, the use of Internet based background searches is a commonly used tool as well.

Conclusions

Our next blog will examine the specific areas of interest that a Cyber attacker targets in their Spear Phishing campaigns.

Sources

1)       https://www.trendmicro.com/vinfo/us/security/definition/spear-phishing

37 thoughts on “Spear Phishing – Part 1

  1. Wonderful work, Los Angeles IT Services. Despite the patience of the cyber attackers, it is made known that the more accurate the information that they have, the greater the statistical probability that their well-crafted E-Mail will make it through the Spam Filters.
    Thanks!

  2. It’s really terrifying to see how cyber attacks evolve so quickly nowadays. Thankfully there are companies with IT Services that are now developing new strategies to combat spear phishing and helping other companies how to deal with such attacks.

  3. I am really careful when I want to open an email.. I don’t even open my spam email..phishing can make you lose a large amount of money .Companies can use some help from Los Angeles MSP to prevent phishing

  4. A company really needs to have a good IT support to avoid phishing of accounts. Phishing is rampant and some looks very legit.

  5. This is why one should seek pieces of advice from Los Angeles IT Consulting like Be structured to get information on how to tackle all IT attacks. Phishing is very dangerous to the company’s data.

  6. Security has become a very vital IT service given how sophisticated the attackers have become. Thanks a lot for this eye opening write up.

  7. Another dreadful acts of cyber attacking is this spear phishing. Everyone is vulnerable to this attacks and worst is getting our personal info thus it is necessary to have a great IT SERVICE. Having a good IT services will help us figt these attackers.

  8. Spear phishing is very targeted and specific. A good IT support team should be aware of all the spear phishing methods the attackers use.

  9. Doing IT Outsourcing of security for your company can greatly help mitigate phishing. It’s a very worthwhile investment in my opinion.

  10. Los Angeles IT Service has been very helpful for many companies, phishing has become in a nightmare and there are more cyber attacks that need to be controlled and prevented.

  11. Sometimes phishing attacks can be prevented simply by having your employees aware of the various phishing methods attackers like to employ. IT consulting can greatly help with this.

  12. Every computer company is at a great risk of spear phishing today. Good security measures ought to be employed in all businesses.

  13. I want to agree with you as a great IT support.Most Spear Phishing attacks are laser focused – targeting E-Mail inboxes because I see alot of phishing mails in my inbox.

  14. You are really churning information daily as the best Los Angeles MSP. I never knew about Drip Campaign as a tactic used by Cyber attackers. It was good of you to educate us on this.

  15. Thank you so much for sharing this! This is my first time hearing about spear phishing and I learned a lot from reading this. Los Angeles IT Service can definitely help you with this type of information.

  16. This is a valuable tip for any company even a small start up computer company. Services regarding safety of data handled to avoid being hacked especially if the data is about personal files of clients.

  17. Spear phishing is a threat that can be launched to anyone, especially the owner of a business and spread the malware to an entire company, or even still sensitive information. That’s why carrying out IT Consulting with a trusted tech specialist is very important.

  18. Cyber crime has been a serious issue overtime. The issue of this spear phishing is another serious threat to the world and its social environment. But thanks goes to the great Los Angeles Computer Company for this helping us get informed and showing us way to prevent such attacks.

  19. It’s disturbing all the research and hours put into spear phishing and that it’s growing on such a larger scale. With the stats listed, it’s extremely essential to have Los Angeles IT Consulting in the wake of an attack. Thanks for addressing this serious issue.

  20. I can see how spear phishing is one of the top cyber concerns with the genius behind spam filters and social media attacks. If these hackers have the patience to infiltrate any secure network, we have to be equally observant in hiring Los Angeles IT Service professionals who will constantly keep our material safe.

  21. This is why I usually put less to no info in my social media accounts. Others may say its lazy but it works. Unless a hacker wants my quotes and anime photos he he. In seriousness though this is an issue that IT Outsourcing or anyone for that matter must take seriously. Any info leaked can be use to harm someone and we do not want that.

  22. I can see how the internet has become great to help the business to sell their services and products but also the ideal place where hackers can spy and stole your information. Is better to have a plan, and Los Angeles IT Service can be the perfect option to deal with this.

  23. Just avoiding sketchy websites could do a lot However for severe attacks I suggest to call in the pros. Los Angeles IT Support comes to mind. These guys gets the job done.

  24. IT Outsourcing can be an option if case comes to shove in an all out attack. It happened to my system before. My anti virus took care of it but now I am taking protecting my data seriously.

  25. A well structured Los Angeles IT support can go a long way in ensuring that no phishing attacks against a company are successful. Quite an interesting read this is.

  26. When talking about Los Angeles IT services, prevention of phishing attacks can’t be ignored. It has become so rampant in recent times.

  27. Proper measures such as Los Angeles IT consulting are a sure fire way in trying to protect one’s seldf or organization against phishing attacks. The attackers have gotten so sophisticated in recent times.

  28. IT outsourcing remains among the best methods of dealing with phishing while having some peace of mind. Thanks for the well written article 

  29. The Los Angeles computer company best placed to help other companies secure themselves against phishing attacks is Be Structured. Congrats and keep up the stellar work you’re doing.

  30. Using this Los Angeles IT Support company will help one fight all attacks of this nature since attackers are really sharpening and refining their skills in conducting the research needed in order to launch a laser-focused attack. Be structured can help in this aspect.

  31. From today I’ll be cautious opening mails with attachments that I don’t know the source. I didn’t know it could pause such a great threat for my business. Be Structured is the best in Los Angeles IT Services.

  32. When conducting IT Outsourcing for your business you need to understand the background of the company you are working with. A company like Be Structured have been on the market long enough and they understand their business well.

  33. Since I read this article, I have become extremely cautious about how I handle my emails and personal information online. I have learned so much from this Los Angeles IT Support company called Be Structured.

  34. From what I understand it is the acquisition of info through malicious means but is it not why we have anti phishing features? My AV has that but just to fortify my security Los Angeles IT Support is a good back up. I can always count on them when something happens.

  35. I hope everyone get to read this post as publish by this Los Angeles Computer Company so as to avoid phishing emails that can cause huge damage to the mailbox.

  36. I just love how Los Angeles IT Service keep informing us of various ways to prevent cyber crimes. So i believe if anyone has access to this information and still end up being a victim it will be too bad.

Leave a Reply

Your email address will not be published. Required fields are marked *