What is Phishing?
Phishing is a social engineering technique that aims to deceive
people into unknowingly providing their personal financial information or other
types of credentials to cybercriminals. A phishing attack is most often
initiated with an unsolicited email that prompts the user to click on a
link leading to what appears to be a legitimate
website. A phishing email tricks the recipient into visiting a spoofed site, one
that mimics a legitimate site where the person would normally feel comfortable entering
a username, password, credit details or other types of private information.
Spear Phishing vs Phishing
Both attack types are focused on acquiring confidential information.
Phishing is a broader term for any attempt to trick victims into sharing private
data and credentials for malicious reasons. Attacks are not personalized to
their victims, and are usually sent as bulk mail to full email databases. Spear
phishing attacks try first to obtain as much personal information about their
victims as possible – this gives the effort much more credibility and increases
the likelihood of catching the victim. These more sophisticated techniques
target a specific individual or group with some sort of “individualized”
details in the message. Because
of the trust factor of personal emails, it is more difficult for recipients to
identify spear phishing attacks than basic phishing.
Spear Phishing on the rise
Spear phishing is on the rise. Why? Because it works. Traditional
filtering techniques tend to analyze messages in conventional ways to identify
unwanted or nuisance emails, but struggle to correctly flag spear phishing
attempts.
About 80 to 90 percent of the data breaches that my team sees go the
phishing route. -Andrew Conway, Microsoft’s General
Manager for Microsoft 365 Security
For fraudsters, spear phishing is the perfect vehicle to
target executives by tricking them into either providing their credentials or
using them as a stepping stone to reach other employees, leveraging the credibility
inherent to executive communications throughout the messaging process. Spear
phishing attacks aren’t always restricted to collecting private information
though. Often, they will also be used to plant ransomware into the network that
encrypts company data, then extorts fees from the victim to remediate the situation.
Other attacks focus on point-of-sale reconnaissance trojans that target
businesses primarily in the retail and hospitality industries.
Spear Phishing Trends
Attacks continue to grow more
customized, whether through an attempt to deliver malware or to perpetrate a
phishing attack. However, spear phishing tactics continue to net attackers huge
sums as Business Email Compromise (BEC) attempts and other social engineering fraud
are becoming much more widely adopted by attackers.
Broader scale attacks
Spear phishing has become much more common, is being
seen with greater frequency than ever, and is being delivered on a much broader
scale. Perhaps even more concerning is the fact that a great deal of these attacks
are being launched from trusted sources that are usually compromised accounts.
These attacks are designed to disarm email security measures that focus on
sender validation. Specifically, checks for spoofed domain names, bad IP
reputation and things like DKIM and SPF will all generally fail to raise any red
flags. These attacks also have great success in subverting well-trained end
users who might otherwise be cautious enough to avoid emails from unknown
senders.
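The point above about sender validation, as an added example that is not part of the original article: a small Python check that reads the SPF, DKIM and DMARC verdicts from a message's Authentication-Results header. The two messages, the gateway name mx.example.net and the function names are constructed for illustration; the spoofed message is flagged, while the same text sent from a compromised account raises nothing.

```python
import re
from email import message_from_string

# Constructed samples, not real mail. mx.example.net is a hypothetical
# receiving gateway; example.com is the impersonated or compromised sender.
SPOOFED = """\
From: "Pat Lee" <pat.lee@example.com>
Subject: Wire transfer today
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=example.com;
 dkim=none;
 dmarc=fail header.from=example.com

Please process the attached invoice.
"""

COMPROMISED = """\
From: "Pat Lee" <pat.lee@example.com>
Subject: Wire transfer today
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com

Please process the attached invoice.
"""

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def auth_results(raw, trusted_authserv="mx.example.net"):
    """Return {method: result}, reading only headers stamped by our gateway."""
    results = {}
    msg = message_from_string(raw)
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # ignore headers the sender could have added
        for method, result in METHOD_RE.findall(body):
            results[method.lower()] = result.lower()
    return results

def sender_validation_flags(raw):
    """Methods that did not pass; an empty list means no red flag raised."""
    res = auth_results(raw)
    return sorted(m for m in ("spf", "dkim", "dmarc") if res.get(m) != "pass")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("compromised", COMPROMISED)):
        print(name, sender_validation_flags(raw) or "no flags raised")
```

Because both messages carry identical content, a filter that stops at these verdicts treats the second one as clean, which is why sender validation needs to be paired with other controls.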
How does it work?
The process starts when cybercriminals identify victims who
put personal information on the internet or have personal data published online.
Criminals may then complement some relevant data by browsing individual
profiles while scanning social networking sites. Once they have an identity,
collecting the email address is fairly easy since there are many online services
that not only provide email addresses for each individual but also will test and
confirm that the email is in active use.
Call SpartanTec, Inc. and let our team help protect your business against spear phishing and other online attacks.
SpartanTec, Inc. Columbia, SC 29201 (803) 408-7166 http://manageditservicescolumbia.com/