Spear-Phishing: Protecting yourself from the attack


Spear phishing is one of the big malware trends this year. What makes these attacks so different from conventional phishing attacks is that they are targeted at individuals, mostly high-profile users, instead of a mass user base. The main aim of a spear-phishing attack is to get the user to run a file infected with 0-day malware that opens a backdoor, giving the attacker access to sensitive information or elevated privileges.

Spear phishing attacks are more difficult to identify and block using conventional spam filtering methods since they are not targeted at a large audience. Attackers use information gathered from Facebook, LinkedIn and other sites where personal information is publicly accessible. The source is usually a personal contact, a friend, a boss or another trusted party. Because the messages are tailor-made and don't come from compromised IPs, they do not show up on the radar of spam filters. The emails carry 0-day malware or 0-day links to malware, and the language is designed to evade standard content filters.

Some warning signs in spear phishing emails:

  • They ask you to send personal data (“please send me your password”) by impersonating an official such as your IT department.
  • They trick you into clicking a link which compromises your machine (“Annual General Meeting: Promoted Employees.pdf”).

Here are some things you can do to protect yourself and your company:

  • Was the email sent by your colleague or friend? Confirm the email is legitimate by asking them.
  • Suspicious URL? Hover over the link and check where you are being redirected. Is it an HTML file or an EXE?
  • Never give your credentials to anyone, even if you’re asked.
  • Make sure you’re accessing confidential email from a patched machine. The more holes in the machine, the more vulnerable you’ll be.
  • As a generic best practice, use different passwords for personal and business accounts. If your personal credentials are stolen, you will not put your business at risk at the same time.
  • Check the SMTP addresses of the people you are sending to, not just their display names. Sometimes auto-complete sends mail to people with similar names if a hacker has uploaded content into your address book.
  • If in doubt, change your password.

These precautions and awareness notes will help you make it as difficult as possible for anyone to attack you and your organization.
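The link and address checks from the list above can also be run automatically over a raw message. The following Python sketch is an added example, not part of the original post; the address book, the extension list and the sample email are constructed for illustration, and `review` and `LinkCollector` are hypothetical names.

```python
import posixpath
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions, all constructed: risky extensions, address book, sample message.
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}
CONTACTS = {"alice smith": "alice.smith@example.com"}
SAMPLE = """From: "Alice Smith" <alice.smith@examp1e.test>
Content-Type: text/html; charset="utf-8"

<a href="http://files.examp1e.test/Promoted%20Employees.pdf.exe">intranet.example.com/agm</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):  # host of a URL or of bare "www.example.com/x" text, else ""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def review(raw, contacts):
    """Return warnings for one raw message; contacts maps lowercase name -> address."""
    msg, warnings = message_from_string(raw, policy=policy.default), []
    name, addr = parseaddr(str(msg["From"]))
    # Display name matches a known contact, but the SMTP address is not theirs.
    if contacts.get(name.lower(), addr.lower()) != addr.lower():
        warnings.append(f"'{name}' is a known contact, but the address is {addr}")
    body, links = msg.get_body(preferencelist=("html",)), LinkCollector()
    links.feed(body.get_content() if body else "")
    for href, text in links.links:
        if (ext := posixpath.splitext(urlparse(href).path)[1].lower()) in RISKY_EXT:
            warnings.append(f"link target is a {ext} file: {href}")
        # Only compare hosts when the visible text itself looks like a URL.
        shown = host(text) if "." in text and " " not in text else ""
        if shown and shown != host(href):
            warnings.append(f"link shows {shown} but goes to {host(href)}")
    return warnings
```

Calling `review(SAMPLE, CONTACTS)` returns three warnings: the sender's address does not match the address book entry for that display name, the link target is an `.exe`, and the visible link text names a different host than the real destination.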
