Spear Phishing: Explanation, Examples and Protection

You already know about Phishing: the process of putting in some bait and waiting for someone to divulge his/her personal information. Phishing comes in many flavors like Tabnabbing, Tabjacking, Vishing and Smishing. But there is yet another type and that is Spear Phishing.

You may have already come across Spear Phishing. When using this technique, cyber criminals send you a message that appears to come from an entity that you know. The message asks you for your personal and/or financial information. Since it appears to originate from a known entity, you just reply without a second thought.

What is Spear Phishing

Spear Phishing is a method where cyber criminals use a targeted technique to dupe you into believing that you received a legitimate email from a known entity, asking you for your information. The entity can be a person or any organization that you deal with.

It is easy to make the message look genuine. People just have to purchase a related domain and use a subdomain that looks like the organization you know. It can also look like the email ID of a person you know. For example, something.com can have a subdomain named paypal.something.com. This allows them to create an email ID such as support@paypal.something.com, which looks very similar to email IDs related to PayPal.
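One way a mail filter could flag the subdomain trick described above, shown as an added example that is not part of the original article. The brand allow-list and the short suffix set are constructed assumptions; a real deployment would use the full Public Suffix List and the organization's own list of trusted sender domains.

```python
from email.utils import parseaddr

# Constructed allow-list: brand keyword -> registrable domains the brand really uses.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com"},
}
# Minimal stand-in for the Public Suffix List (assumption, not a complete list).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}


def registrable_domain(host):
    """Return the part of the host a registrant actually bought, e.g. something.com."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_sender(from_header):
    """Classify a From header as ('brand' | 'lookalike' | 'unrelated', brand)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unrelated", None
    host = addr.rpartition("@")[2].lower()
    reg = registrable_domain(host)

    # Genuine mail: the registered domain itself belongs to a known brand.
    for brand, legit in BRAND_DOMAINS.items():
        if reg in legit:
            return "brand", brand

    # Lookalike: a brand name sits in a label (paypal.something.com,
    # amazon-verify.something.com) but the registered domain is someone else's.
    for brand in BRAND_DOMAINS:
        if any(brand in label for label in host.split(".")):
            return "lookalike", brand
    return "unrelated", None


if __name__ == "__main__":
    # Constructed sample headers, including the address used in the article.
    for header in ("PayPal Support <support@paypal.something.com>",
                   "service@mail.paypal.com",
                   "alice@example.org"):
        print(header, "->", check_sender(header))
```

The check looks only at the sender's domain, so it catches the paypal.something.com pattern but not a forged display name on an unrelated address.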

In most cases, cyber criminals keep an eye on your activities on the Internet, especially on social media. When they find any information about you on any website, they grab the opportunity to extract more information from you.

For example, you post an update on a social networking site saying you bought a phone from Amazon. Then you receive an email from Amazon saying your card is blocked and that you need to verify your account before making any more purchases. Since the email ID looks like Amazon's, you readily give away the information they ask for.

In other words, Spear Phishing is targeted phishing. The email IDs and messages are personalized for you, based on information available on the Internet about you.

Spear Phishing Examples

While phishing is a daily occurrence and many are familiar enough with it to stay protected, some still fall prey to it.

One of the best-known spear phishing examples is the way the RSA unit of EMC was targeted. RSA was responsible for the cyber security of EMC. The cyber criminals sent two emails, each with an Excel file containing an active macro. The title of the email was said to be Recruitment Plan. While both emails were filtered into the Junk folders of employees, one of the employees got curious and retrieved one. When opened, the macro opened a backdoor for the people who sent the email. They were then able to obtain the credentials of employees. If RSA could get tricked despite being a security firm, imagine the position of unsuspecting regular Internet users.

In yet another example concerning a cyber security firm, there were emails from third parties that tricked managers into believing that it was their employees asking for details. When the cyber criminals got the information by posing as employees over email, they were able to get money transferred from the company to the criminals’ offshore accounts. It is said that Ubiquiti lost over $47 million due to the spear phishing scam.

Spear Phishing protection

Always remember that no e-commerce company will ask you for your personal information via email or phone. If you receive any message in any form asking you for details that you don’t feel comfortable sharing, consider it a spear phishing attempt and cut it off directly. Ignore such emails and messages, and hang up on such calls. You can confirm with the organization or person before responding in future.

Another spear phishing protection method is to share only as much as is needed on social networking sites. You can say it is a photo of your new phone and post it, instead of adding that you bought it from XYZ organization on a certain date.

You have to learn to identify Phishing Attacks to know more about protection from phishing in general. Basically, you should have good security software that filters your email well. You can add email certificates and encryption to the email clients that you use so that you are better protected. Many spear phishing attempts may get caught by certificate-reading programs built into or installed in the email client.

Stay safe, stay sharp when online!



Agari raises $22M to protect companies from phishing

More and more organizations are training their employees to identify fraudulent emails, but judging by the 270 percent increase in phishing incidents that the FBI has recorded since 2015, the effort isn’t nearly as effective as it could be. So CSOs are now turning to automated scam prevention providers like Agari Inc., which raised $22 million in funding this week to capitalize on the trend.

The capital will enable the startup to step up customer acquisition efforts and enhance the capabilities of its namesake phishing prevention system. The Agari Email Trust Platform is a cloud-based analytics engine that scans some 10 billion messages every day to identify new attack methods, malicious domains and scanners. After stumbling across a previously unknown threat, the service makes its discovery available through the startup’s two commercial offerings, which enable organizations to harness the information in their security efforts.

The first solution is called Agari Enterprise Protect and focuses on blocking phishing attacks that target internal company assets. According to the startup’s website, the software employs machine learning algorithms to compare every message against the Agari Email Trust Platform’s threat database for signs of foul play. The analysis produces a risk score that is used to determine whether an email should be allowed to reach its intended recipient, or diverted to a special inbox reserved for malicious items.

From there, security professionals are able to trace fraudulent emails back to the source using Agari’s other product, Customer Protect. As the name implies, the software is designed to combat not only attacks that target a company’s workers but also attempts to scam its clients. Such campaigns can cause a tremendous amount of brand damage that has the potential to cost just as much as an employee accidentally sharing confidential information with a hacker. The startup’s ability to combat both threats at the same time has predictably garnered a lot of interest in the corporate world.

Agari claims that over 100 organizations currently use its software to combat spear-phishing, including six of the world’s top 10 banks and five of the largest social media networks. Yet CEO Pat Peterson revealed in an interview that it was still a challenge for his firm to secure capital due to today’s tough investment climate. “The trepidation and ghosts of previous investments were in the room” for its backers during the funding negotiations, he told Fortune. “I could tell it was scary time for them.”

Maria Deutscher

Maria Deutscher is a staff writer for SiliconANGLE covering all things enterprise and fresh. Her work takes her from the bowels of the corporate network up to the great free ranges of the open-source ecosystem and back on a daily basis, with the occasional pit stop in the world of end-users. She is especially passionate about cloud computing and data analytics, although she also has a soft spot for stories that diverge from the beaten track to provide a more unique perspective on the complexities of the industry.



Phishers Creating More Noise to Fool Defenses

The criminals behind phishing attacks are creating vast numbers of unique Web pages to host their attacks in an attempt to dodge defenses, according to an industry report. The number of distinct Website links in phishing attacks jumped by more than 150 percent in five months, showing that phishing remains a major vector of compromise, the Anti-Phishing Working Group stated in a report released on May 24.

In March 2016, phishing emails seen by APWG members contained more than 123,000 unique URLs, up from 48,000 in October 2015. While the number of URLs has increased dramatically, the number of domains and the number of brands used as camouflage by phishers have remained relatively constant at about 20,000 and 418, respectively, according to the report.

“Usually, the domain used in an attack is not malicious,” Luis Corrons, technical director of PandaLabs and a contributing analyst to the report, told eWEEK. “There will be a Website, and someone, somehow hacks into the site and creates a number of phishing pages inside the domain. That is why it is hard to shut down a phishing site.”

The volume of new URLs suggests that attackers are using the quick creation of new links to create a digital shell game, dodging defenses and raising the workload for defenders.

The approach is not surprising: Attackers have often tried to overwhelm defenses with numbers. When anti-spam engines became more successful in blocking unsolicited email messages, spammers started creating more messages and, when defenders adapted, began creating more fake accounts on legitimate email providers.

When cyber-criminals wanted to dodge antivirus programs, they focused on automating the creation of distinct malware binaries—usually called “variants”—overwhelming traditional defenses. PandaLabs currently sees about 227,000 distinct binaries of malware every day—more than 20 million a year, according to the report.

While some phishing groups create custom domains that they control and then create a variety of pages on the domains, most phishing URLs are hosted on hacked Websites, Corrons said. In addition, the vast majority—at least three-quarters—of phishing sites are hosted on servers in the United States.

“As soon as security vendors find a new phishing Website, we attempt to shut it down,” Corrons said. “Depending who is hosting it, the lifetime [of the site] is short.”

Most are taken down in hours or days, he said. But keeping up with the quick churn of Websites—more than 3,000 per day on average—is difficult, Corrons said.

The report also found that online users in China, Turkey and Taiwan were the most likely to encounter malware in their email. Chinese users had more than a 51 percent chance of encountering malware during the quarter, according to Corrons. The original report mischaracterized this proportion as the infection rate, which Corrons clarified for eWEEK. Sweden, Norway and Finland had the lowest encounter rates, hovering around 20 percent.

PandaLabs classified almost two-thirds of the malware encountered in a phishing attack as Trojans and about a quarter as potentially unwanted programs. The remaining malware was classified as viruses, worms or adware.