fbpx
Mytek Logo
MyTek Logo

Poking at Spear Phishing

by | May 24, 2019 | MyTek Blog, Security

Q

Subscribe To The Blog

By subscribing to the blog, you will be notified when a new blog post is created on the site.

Spear phishing is a type of cybercrime in which criminals pose as legitimate institutions and collect sensitive personal information from people. The malicious way of stealing information can take place through emails, texts, or calls.

MyTek gives you insights into the basics of spear phishing and how you can protect your business from hackers.

Difference Between Phishing & Spear Phishing

Phishing casts a wide net and targets as many victims as possible. With a generic email that appears to be from a legitimate organization, the typical phishing attack can target anyone with a reasonable chance of success. Spear phishing, on the other hand, focuses on quality over quantity. Instead of targeting a large group, spear-phishing targets a single, prominent individual.

Hence, spear-phishing goes beyond a generic message. The hacker will dig deep and find out all their victim’s personal details like their workplace, colleagues, nature of work, etc. The hacker spoofs an email with the necessary information – often referencing some valid project or mutual contacts to prove email legitimacy. Also, they usually give a link to a downloadable file.

This link takes the victim to a fake login page for Google Drive or Dropbox. Once they enter their credentials, the scammer uses their personal details to access bank accounts and steal money or access sensitive business documents.

How Do Spear Phishers Operate?

Hackers use various ways to make spear-phishing messages look genuine. These strategies are a combination of practical skills, psychology, and hacker’s individual research.

Hence, phishing messages can mention actual events, people, or places concerning the target. Usually, the messages are attributed to authority figures like a manager or the CEO. In such cases, the victim may immediately believe it without any counter questions. As compared to regular phishing messages, spear-phishing messages are well written, with clarity, and without spelling or grammatical errors.

Also, cybercriminals use fake domains to increase their credibility.

Imagine you own the domain XYZ-dot-com. The attacker tries to imitate your domain to trick innocent people. They go ahead and purchase their own domain XYZ-dot-com. But, instead of capital ‘Z,’ they have a small ‘z.’ But, the victim cannot make out the difference and easily fall prey to this trick. Hence, without your knowledge, your look-alike site gets used for a phishing event.

Who are the Main Targets of Spear Phishing?

Usually, spear-phishers target people who have access to confidential information in an organization. It may not be the top management but people who take orders from the leaders. These people may not likely question the higher authority and pass on any information.

There are some crucial safety measures that you can employ to prevent a phishing attack in your organization:

  • Ensure the validity of every email that you receive. Is the email sender John [AT] company [DOT] com, or is it I3ohn [AT] company [DOT] com? Are there any email file attachments? It could be a potential source of malware, so do not open these files.
  • If there is an urgent tone in the email message, consider it with a pinch of salt. Typically, hackers use these tactics to confuse their victims and make them act quickly. Also, see if there are any changes in your company’s standard operating procedures (SOPs). For example, imagine your organization uses Google Drive to share files, but email asks you to download a file from Dropbox.
  • Make sure that you verify the email through another source like a telephone call. 

Spear phishing can pose major security challenges for both individuals and organizations alike. If you need help maintaining your business’ IT security, subscribe to the MyTek blog and us a ring at (623) 312-2440.

ABOUT THE AUTHOR

Tim - Team

Tim Tiller, LMSW

 
Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.

Q

Subscribe To This Author

By subscribing to the author, you will be notified when a new blog post is created by the author.

AUTHOR’S RECENT POSTS

Top 5 Hardware Monitoring Software 

Did you know that almost 40% of servers had at least one outage in the last twelve months? Veeam reports that the most common reason for outrages is infrastructure failure which puts the current hardware monitoring practices under the scanner. Hardware failures are...

Types of Mobile Malware & How to Defend Against Them

Malware has a long history of undermining computer security and stealing critical data. With the rapid growth of mobile usage, we're now seeing a new breed of mobile malware infecting smartphones and tablets. The new-age mobile malware are more advanced, seamless, and...

How to Protect Your Data Privacy & Enhance IT Security

Every time you use a device, you enter, modify or access data. Some of your usages are routine and public but sometimes you perform tasks that are confidential in your personal life or business. Naturally, this type of data is private and it should be kept that way....

Mobile? Grab this Article!

QR Code

Blog Archive

Generated by Feedzy
Share This