Spear Phishing is one of the big malware trends this year. What makes these types of attacks so different from conventional phishing attacks is that they are targeted at individuals, mostly high-profile users, instead of a mass user base. The main aim of a spear-phishing attack is to get the user to run a 0-day malware infected file that opens a backdoor, consequently allowing access to sensitive information or access to elevated privileges.
Spear phishing attacks are more difficult to identify and block using conventional spam filtering methods since they are not targeted at a large audience. Attackers use information gathered from Facebook, LinkedIn and other sites where personal information is publicly accessible. The source is usually a personal contact, a friend, boss or other trusted party, and because they are tailor-made, they do not show up on the radar of spam filters; they don’t come from compromised IPs. The links contain 0-day malware or 0-day links to malware, and the language is designed to evade standard content filters.
Some warning signs in spear phishing emails:
- They ask you to send personal data – (“please send me your password”) by impersonating an official such as your IT department.
- They ask you to click a link trick you into clicking a link which compromises your machine (“Annual General Meeting: Promoted Employees.pdf”).
Here are some things you can do to protect yourself and your company:
- Was the email sent by your colleague or friend? Confirm the email is legit, ask them.
- Suspicious URL? Hover over the link, check where you are being redirected. Is it an HTML file or an EXE?
- If you’re asked, never give credentials to anyone.
- Make sure you’re accessing confidential email from a patched machine. The more holes on the machine, the more vulnerable you’ll be.
- This is a generic best-practice. Use different passwords for personal and business requirements. If your personal credentials are stolen, you will not put your business at risk at the same time.
- Check the SMTP addresses of who you are sending to, not just their display names. Sometimes the auto-complete sends mail to people with similar names if a hacker has uploaded content into your address book.
- If in doubt, change your password.
These precautions and awareness notes will help you make it as difficult as possible for anyone to attack you and your organization.
- Spear-Phishing Attacks: Cybercriminals Know Everything About You (huffingtonpost.com)
- Spear phishing (charlotte.news14.com)