Spear phishing is the new kid on the block which has been giving sleepless nights to email security folks. Spear Phishing is a specialized and more targeted type of phishing attack. Traditional phishing attacks are one-to-many types, which are usually conducted by sending malicious emails to as many people as possible. Such emails appear to come from trusted sources like your bank, or some other online utility service and they contain links to deceptive sites which make victims reveal their passwords, sensitive account information, confidential pins, etc. Sometimes the phishing message try to lure the victims into opening infected attachments which once opened can seize control over victim’s device and harvest sensitive information stored on the device.
The modus operandi of Phishing attacks is to cast a wide net. Phishers seem to spread their enticements all over and don’t care what kind of fish they catch – as long as the victims take the bait, they can infiltrate and cause the damage. In contrast to the mass email approach of Phishing, Spear Phishing is a targeted attack or rather one-on-one, where the Phisher creates a fake narrative or impersonates a trusted person and establishes a conversation with the victim. Only later does the Spear Phisher request confidential credentials or sends a malicious URL/attachment. Though the end goals of Phishing and Spear Phishing are the same, the tactics employed by the two vary.
Spear Phishers do a lot of research about the intended victim before crafting their first message. They study the social media profiles like Linkedin, Facebook, etc. of the victim and try to build a profile around the victims work and general life. The chosen victims are ones who have access to some sensitive information about their organization like intellectual property, bank passwords, etc. The Phisher sends an email to the victim which seems to come from a colleague or business associate. The first few interactions do not contain any link or attachments, hence are difficult to be detected by anti-spam and anti-virus filters. After a few interactions, the Phisher either sends a link to the victim that can infect his machine with a spyware or sometimes even drives the victim to share some IP or transfer money to his account, citing an extraordinary situation.
Conventional Anti Spam filters derive signatures, recurring patterns & phishing URLs by using information from previously identified threats. This arrangement was successful in fighting mass spam emails – which threatened to make email unusable. However, email security based on signature and recurring patterns is completely ineffective in identifying the ‘one-off targeted Spear Phishing attacks’. The first few emails sent by Spear Phishers do not contain any attachments or links, thus go undetected by spam filters. The Spear Phishers intention is to build a trust with the victim. Phishers usually send emails from legitimate email addresses having good reputation and spoof the display name. Victims get deceived and take the received emails at face value. They do not bother to check the actual email address of the sender which may reveal the hoax. Since Spear Phishing emails spoof the display name and not the actual email address, they are not filtered by DMARC, which relies on policies enforced by senders with respect to their domain names.
Considering the risks of opening and reacting to Spear Phishing emails it is important to educate your users to be vigilant. Here are some tips to that can help protect your users from Spear Phishing:
The above behavior based approach is easier said than done. Sooner or later, someone will click on something that will expose your systems to a breach. Using the right endpoint protection, one that assists in doing this behavior analysis helps. The Rediffmail Enterprise integrated Spear Guard filter uses artificial intelligence consisting of machine learning and predictive heuristic rules to identify and block Spear Phishing attacks even in their initial stages and also saves you from the inconvenience of dealing with multiple vendors to protect your email infrastructure.
Hybrid solution combines two models of email delivery on the same domain, offering the best…
Organizations can stop spoof emails impersonating as them from reaching their customer’s inbox or junk/bulk…
Teamwork creates human synergy. In today’s age, technology and specifically your Business Email can get…
Venkata Satish Guttula, Director – Security, Rediff.com India Ltd, has won an Award under the…
Your brand reputation can be at risk. Cyber criminals can exploit the weaknesses in email…
This is the second edition of the cyber security show & awards, an event by…