What is Spear Phishing? 

Spear phishing is the fraudulent practice of sending emails from a known, ideally, trusted sender’s email address in order to convince the targeted individual(s) to respond, revealing confidential information. There is generally a great sense of urgency in the wording of the emails in an effort to cause people to give up sensitive information before thinking of the possible risks. These messages can be disguised to look like critical security alerts or important work-related information.

Three Spear Phishing Trends 

1. Playing the long game

Hackers are becoming more patient. They may obtain one employee’s login credentials, then monitor that person’s emails to learn about your organization. They will work to determine who the decision makers are at your business and learn what types of attachments employees tend to exchange, so they can mimic them. By gaining access to one employee’s email account, the hackers gain enough information to make their next move. They may even use the compromised email address to contact others in your workforce, which brings us to the second trend on the list.

2. Hijacking email threads 

Would you be suspicious of an email coming from one of your employees? Hackers may take over an employee’s email account, then look for an existing company email chain. Posing as the trusted employee, the hacker then tries to convince the others in the conversation to download an attachment, installing malware that infects their devices and network.

3. Bypassing your spam filters

Don’t depend on your email filters, firewalls, or anti-virus/malware software to catch spear phishing attempts. Spear Phishing attempts will always end up in an inbox. This is accomplished by impersonating trusted sources like Google Drive links and Microsoft SharePoint URLs that trick systems such as Gmail and Office365 into thinking the emails are coming from their own products.

Steli Tech Can Help You Protect Your Business 

Spear phishing attacks are often a daily occurrence and they are becoming harder to recognize, but you don’t have to feel overwhelmed. Parachute is here to help you protect your business. We will design a custom, multi-layer approach, which includes end-user training. Contact Steli Technologies  today for a free, no-obligation assessment!

Leave a Reply
Your email address will not be published.