Computer with Fish Line and Hook

What the Spear Phisher is After

Our last blog examined what a Spear Phishing attack is.  In today’s blog, we examine what the primary targets are:

1)     Money, Money, Money and lots of it:

While other Phishing based campaigns focus on getting any kind of personal information and data, the Cyber attacker in this case, wants just one thing: Your cash.  As a result, they tend to target the following:

  • Credit card companies;
  • Insurance organizations;
  • Credit Unions;
  • PayPal;
  • Amazon.

In their Spear Phishing E-Mail, the Cyber attacker does not traditionally attach a .DOC or .XLS file.  Rather, they will instead attach a .HTML file, or include the relevant HTML data in the body of the message.  If the victim either downloads this particular attachment or clicks on the link, then he or she will be taken to a very authentic looking, but spoofed website in which they enter in their password.  From this point, the Cyber attacker then hijacks it, and logs into whatever online financial account they know that the victim possesses and steals as much money as they possibly can.  According to the FBI, over 7,000 financial related institutions have been targeted since 2015, which has resulted in a loss of well over $612 Million.

2)     Waiting for particular times of the year:

It is important to note that Spear Phishing attacks do not just occur at any time of the year.  Rather, they occur at special points in time, where there is a lot of activity happening, especially between the financial organization and the individual or organization during tax season.  A typical example of this is tax season.  To launch their Spear phishing campaign, the Cyber attacker will covertly pose themselves as some sort of tax related entity (primarily that of the IRS) requesting the tax preparer to send over sensitive information of the victim (primarily their Social Security number).  This request will often come in the form of an E-Mail message, with the sending address being typically one of the followings:

These types of E-Mail messages often contain a VBA script that is malicious in nature, and worst yet, it will automatically execute itself once opened.  Another example of when a Spear Phishing attack will typically occur is at during a catastrophic event, such as a natural disaster.  For example, in these types of scenarios, the Cyber attacker will send out an E-Mail from the Red Cross asking for donations or other kinds of financial assistance.  Very often, when the victim clicks on that link, they will be taken once again to a very authentic looking, but spoofed website.  But rather than asking them to login into a website so that their login information can be captured, the victim is asked to donate money.  From, there it then gets deposited into a phony bank account that is set up by the Cyber attacker.

3)     Stealing corporate data:

Another prime interest of the Cyber attacker is that of stealing of sensitive data in this regard.  This typically includes contact information of their customers, such as names, phone numbers, E-Mail addresses and the like.  Once this is collected, the Cyber attacker then has enough information at hand in order to conduct further and deeper research into their intended victims.  Also, at stake here is the information that is pertinent to the IT infrastructure of the business or corporation, so that a Ransomware attack can be launched, targeting the organization’s workstations, servers, and wireless devices.

Conclusions

Our next blog will review several incidents of real life attacks, and just devastating a Spear Phishing attack can be.

42 thoughts on “Spear Phishing – Part 2

  1. This is a piece of very valuable information on spear-phishing and this is no jokes. we must be serious about a threat like this. Your Computer Company is really enlightening me about all of this.

  2. Any Los Angeles MSP are aware of this threat by now. As for me I will be honest I do not know much about phishing aside from perhaps its mail aspect. That said, this is very informative and I greatly appreciate that.

  3. Spear phishers are common thieves, they just want to steal your money and data. Have an IT Consulting with Restructured to help get rid of them for your sanity.

  4. Important to be knowledgeable about the time-frame and methods of payment. Thanks for sharing information about IT Service and Support in regards to spear-fishing. Good encryption is a huge asset in keeping corporate data safe.

  5. The rate of cybercrime is in the increase and companies must take precaution and keep all their information safe, they ca do this by being in talks with Los Angeles IT Service for more knowledge.

  6. Cyber attackers are always on the prowl to wreck havoc..that’s why its necessary for companies to have a
    Los Angeles MSP take care and safeguard their network and data..

  7. Spear phishers target only money and nothing more. Los Angeles Managed Service Provider helps in handling and protecting your company’s data from cyber attackers. Nice post!

  8. Phishing based campaigns only has one target, money…. In whatsoever they can get it. Phishing is really growing and Los Angeles Managed Service Provider will give you every protection you need. Enjoy

  9. I have been a victim of spear phishing, they demanded and made sure they collected money from us. Thanks Los Angeles Computer Company for being there to safeguard us. Your posts and guides remains the best in IT related security post.

  10. Wow that’s terrible. My boyfriend lost money from his paypal account because of attacks like the one mentioned here. Thanks Be Structured for your exelent IT Service, and foor warming the people about this attackers.

  11. Phishing has become so widespread recently. It is the duty of the IT Service and Support structure within an organization to ensure that their company never falls victim to phishing.

  12. In my opinion the IT Service Support teams should train their staff members on ways of identifying phishing e-mails. This can go a long way in minimizing phishing attacks.

  13. With IT Consulting it is possible to know the latest techniques that attackers use when doing phishing attacks. This can in turn help an organization be more prepared to deal with such attacks.

  14. A successful phishing attack can be very detrimental to any Computer Company. That’s why stringent measures must always be put in place to stop phishing before it happens.

  15. Phishers are after a lot of important information frrom their targets. With a Los Angeles MSP like Be Structured on your side however, you wouldn’t have to worry so much about phishing attacks.

  16. You hit the nail on the head. It is all about MONEY!!!However, I hate it when people takes the immoral path. Seriously these hackers are so smart but they are using it to steal? Why not apply for a job? I am sure that any IT Service could use their skills and be better. That is just me.

  17. Cyber attackers are just despicable.. They want money….A good Computer Company should be contacted to secure the company network

  18. If you want to secure your network and you are in the LA area then contact the IT services in the LA area, which is Bestructured technologies and get your services

  19. Wow so phishing occurs at specific time of the year. Didn’t know this before. IT Services in California make all your IT infrastructures safe and secured. No phishing activities can get hold of your system. Enjoy their Services

  20. Attackers are always aiming at corporate data. You need to hire Los Angeles Managed Service Provider to close all loopholes and keep all threats at Bay.

  21. There are thousand and one ways that cyber attackers can use to attack our systems irrespective of whom you are. But as the guides are to IT Service & Support and individuals, Los Angeles Computer Company has really put guiding measure to make sure we are safe and free from this attackers. Thanks for sharing this tips.

  22. I’ll be more careful when i check the informatio of my cards and paypal account. Also, it’s better not to click or open messages from people who is not in the contacts list. For the companies, it’s very important to hire IT Services to rpotect their money and data.

  23. All IT service and support should be aware about this. Rhis is the most crucial part of every computer compaby. That is to protect their data as well as their profits.

  24. Phishers are always out to part people and companies with their money. With a good IT Outsourcing plan it is possible to prevent lots of phishing attacks.

  25. Losing corporate data from a phishing attack can negatively impact an organization’s reputation. It is wise to engage in some IT Consulting to know the best methodologies to deal with phishing attacks.

  26. A good proactive IT Service & Support team will always ensure that the employees are well informed on techniques of identifying phishing emails and suspicious links. A lot of times people fall prey to phishing attacks due to lack of information.

  27. Every single Computer Company should be wary of suspicious emails especially those that require one to submit information about themselves or the company. These are most likely phishing scams.

  28. A good way to avoid falling prey to phishing scams is to enlist the services of a Los Angeles Managed Service Provider. Of course the number one recommendation remains Be Structured!

  29. I urge all IT Service & Support teams to be extra vigilant when it comes to spotting phishing attacks. They have become so rampant and widespread lately.

  30. Cyber attackers are using more sophisticated phishing methods with every passing day. To keep abreast one needs to always engage in regular IT Consulting.

  31. Phishing is one of the most damaging attacks any organization can face. For organizations that lack an IT department, IT Outsourcing is a good way to ensure they are protected from phishing.

  32. Each and every Computer Company should be extra alert in seasons like the tax filing season. Phishing attacks are more common during such times.

  33. I wouldn’t recommend any other Los Angeles MSP apart from Be Structured for all phishing attack related needs. Be Structured is the very best in the business!

  34. Spear phishers wait till specific season of the year which means that they occur at special points in time, where there is a lot of activity just to carry out their bad intentions. Contact IT Outsourcing in Los Angeles and feel secured.

  35. I take it that seasons means like the holidays where money is abundant because it is Christmas. On that note a good IT Service & Support must be on guard at these times. Hackers are always bad news.

  36. I get phishing emails about my PayPal account telling me to get some bonus by inputting my details and because I know them I don’t bother replying to them. Thank you Los Angeles IT Services for reteriating on this iissue.

  37. The likes of online wallet (Paypal) are now becoming things that needed proper security. Dont allow your personal information and data stolen, allow Los Angeles IT Outsourcing help you secure you data and information. They are trusted.

  38. Every company has to take security seriously..I’m aware that Spear Phishing attacks occur at special points in time and financial organizations need to be careful…its takes a Los Angeles MSP to secure one”s data..

  39. spear phishers are quite very offensive and need not be handled slightly. Los Angeles Managed Service Provider helps to deal with such at zero worries. Thanks

  40. Even phishing has evolved to such a terrifying degree that dedicated Los Angeles IT Support will need to up their game to help companies deal with this threat. One should always be ready and aware of how a spear phishing attempt is done to be able to protect their data from being compromised in any way.

  41. Spear phishing has really ruined a lot of businesses and investments. But thanks to BeStructured and IT Services in California for their progressive efforts to put us safe.

Leave a Reply

Your email address will not be published. Required fields are marked *