Like a regular phishing attack, intended victims are sent a fake email. [15] Within organizations, spear phishing targets employees, typically executives or those who work in financial departments and have access to financial data. Hackers went after a third-party vendor used by the company. In regular phishing, the hacker sends emails at random to a wide number of email addresses. The first study of social phishing, a type of spear phishing attack that leverages friendship information from social networks, yielded a success rate of over 70 percent in experiments. They can do this by using social media to investigate the organization’s structure and decide whom they’d like to single out for their targeted attacks. Never clicking links in emails is an ironclad rule for preventing much of the damage phishing-type attacks can create. Spear phishing is a type of phishing, but more targeted. This, in essence, is the difference between phishing and spear phishing. Both individuals and companies are at risk of suffering from compromised data, and the higher up in a company you work, the more likely you are to experience a hack. As with regular phishing, cybercriminals try to trick people into handing over their credentials. Take a moment to think about how many emails you receive on a daily basis. Blended or multi-vector threat: Spear phishing uses a blend of email spoofing, dynamic URLs and drive-by downloads to bypass traditional defences. Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. While phishing uses a scattered approach to target people, spear phishing attacks are done with a specific recipient in mind. The attack begins with a spear phishing email, claiming to be from a cable manufacturing provider, and mainly targets organizations in the electronics manufacturing industry. This is usually a C-level employee, like a Chief Executive or Chief Financial Officer.
Phishing versus spear phishing. Remember Abraham Lincoln’s quote: “Give me six hours to chop down a tree and I will spend the first four sharpening the ax.” The same goes for reconnaissance. Detecting spear-phishing emails is a lot like detecting regular phishing emails. A whaling attack is a spear-phishing attack against a high-value target. A spear phishing attack uses clever psychology to gain your trust. Avoiding spear phishing attacks means deploying a combination of technology and user security training. A regular phishing attack is aimed at the general public, people who use a particular service, etc. Target became the victim of a spear phishing attack when information on nearly 40 million customers was stolen during a cyber attack. If you feel you've been a victim of a phishing attack: contact your IT admin if you are on a work computer; immediately change all passwords associated with the accounts; and report any fraudulent activity to your bank and credit card company. Use of zero-day vulnerabilities: Advanced spear-phishing attacks leverage zero-day vulnerabilities in browsers, plug-ins and desktop applications to compromise systems. When he has enough info, he will send a cleverly penned email to the victim. Although spear phishing is often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer. Examples of Spear Phishing Attacks. In this attack, the hacker attempts to manipulate the target. Spear-phishing has become a key weapon in cyber scams against businesses. The term whaling refers to the high-level executives. For example, the 2015 attack on health insurance provider Anthem, which exposed the data of around 79 million people and cost the firm $16 million in settlements, was the result of a spear phishing attack aimed at one of the firm's subsidiaries. To see just how effective spear phishing is, Ferguson set out to email 500 of his students.
Targeted attacks, also called spear-phishing, aim to trick you into handing over login credentials or downloading malicious software.