Phishing attacks have been increasing steadily throughout 2019. Most phishing emails are part of large campaigns sent indiscriminately to huge lists of addresses, but not all of them. Some campaigns are far more targeted and are sent to only a handful of individuals, for example the staff of one department in a company. Others are more targeted still and are sent to just one person. These targeted attacks are known as spear phishing, whaling attacks (when the target is an executive) or, as Microsoft often calls them, laser phishing, because of the pinpoint precision used to attack a specific individual.
Microsoft has recently issued a warning about these spear phishing attacks. The emails are often extremely well written and carefully crafted to maximize the probability that the target responds and discloses sensitive data, installs malware, or hands over money. The typical targets are executives and senior managers, many of whom are tech-savvy and know how to identify phishing emails. Even so, many still fall for these scams.
Individuals can be targeted for a variety of reasons: they may have access to the type of data the attacker wants, or they may have authority over corporate bank accounts. The target's email address can usually be found online or easily guessed, since it is not hard to determine the format a company uses for its addresses.
The target is then researched via social media networks and an email is carefully crafted for that person. The sender's address is also spoofed, or a lookalike domain is used, to maximize the chance that the email will be opened. The message will appear to have been sent by someone the target knows, such as the CEO of their company, a friend, or a business colleague.
If the target responds, the attacker, depending on their goal, could obtain the login credentials to the target's email account, infect the target's device with malware, obtain sensitive information, or get the victim to make a payment to an attacker-controlled bank account. Credential theft and malware delivery are typically achieved by convincing the target to visit a malicious website or open a malicious email attachment.
Spam filtering solutions are effective at blocking the majority of phishing emails, but it may not always be possible to prevent these highly targeted emails from reaching inboxes. It is therefore important to take other steps to reduce risk.
The most important step is to educate the workforce about phishing and spear phishing threats and train them to identify phishing emails. This includes checking the sender's actual email address, not just the display name, and ensuring the two match. Phishing emails usually convey a sense of urgency, often with a threat if action is not taken. Requests may go against company policy, such as sending money via gift cards or making unusual payments, either odd amounts or payments at unusual times. The wording of the email may also be inconsistent with past conversations with that individual. Many of these scams succeed because users act without thinking. Training should be provided to all members of the workforce, from the CEO down.
Policies and procedures should be introduced that make it easy for employees to report suspicious emails, ideally with a single click from within the email client. Reported emails can then be routed to the security team, who can assess each one and determine whether it is a threat. If so, all copies of the message can be removed from the email system and other users alerted to the threat.
Steps should also be taken to secure identities and prevent stolen credentials from being used to access accounts. This is best achieved with multi-factor authentication. SPF, DKIM and DMARC should be configured for the company's own domains to prevent them from being spoofed; note that these only stop exact-domain spoofing, and only where the receiving mail system enforces them, so they do nothing against lookalike domains or compromised accounts. Advanced spam filters should also be used that include a sandbox to help identify malicious email attachments and that can detect and block malicious embedded hyperlinks.
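The checks described above (display name versus real address, lookalike domains, SPF/DKIM alignment with the From domain, urgency language) can be scripted so a triage team does not have to eyeball every reported message. The script below is an added example, not code from the original article or from Microsoft; the two messages it analyses are constructed for illustration with invented addresses and headers, `examplecorp.com` is an assumed organisation domain, and the `registrable_domain` helper approximates DMARC's relaxed alignment by keeping the last two labels (production code should use the Public Suffix List instead):

```python
import email
import re

# Constructed sample messages (invented addresses and headers, not real mail).
SUSPICIOUS = """\
Return-Path: <bounce@mail-relay.example.net>
DKIM-Signature: v=1; a=rsa-sha256; d=mail-relay.example.net; s=sel; h=from:subject; bh=x; b=y
From: "Jane Doe <jane.doe@examplecorp.com>" <jane.doe@examplecorp-payments.com>
To: finance@examplecorp.com
Subject: URGENT: wire transfer needed before 5pm today
Content-Type: text/plain; charset=utf-8

Hi, I am in a meeting and cannot talk. Please process the wire immediately
and keep this confidential until I am back.
"""

BENIGN = """\
Return-Path: <jane.doe@examplecorp.com>
DKIM-Signature: v=1; a=rsa-sha256; d=examplecorp.com; s=sel; h=from:subject; bh=x; b=y
From: "Jane Doe" <jane.doe@examplecorp.com>
To: finance@examplecorp.com
Subject: Q3 budget notes
Content-Type: text/plain; charset=utf-8

Attached are the notes from this morning. No action needed.
"""

ORG_DOMAIN = "examplecorp.com"   # assumed: the organisation's own domain
URGENCY_TERMS = ("urgent", "immediately", "right away", "before 5pm",
                 "confidential", "gift card")


def split_address(header):
    """Split 'Display Name <user@domain>' on the LAST angle-bracket pair, so an
    address planted inside the display name cannot confuse the split."""
    m = re.match(r"^(.*)<([^<>]+)>\s*$", header or "", re.S)
    if m:
        return m.group(1).strip().strip('"'), m.group(2).strip().lower()
    return "", (header or "").strip().lower()


def registrable_domain(domain):
    """Relaxed-alignment approximation: keep the last two labels (assumption;
    use the Public Suffix List in production)."""
    return ".".join(domain.lower().split(".")[-2:])


def analyse(raw):
    """Return a list of (finding_code, detail) tuples for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    findings = []
    display, addr = split_address(msg.get("From"))
    from_domain = addr.rpartition("@")[2]

    # 1. An email address embedded in the display name whose domain differs
    #    from the real sending domain.
    m = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if m and m.group(1).lower() != from_domain:
        findings.append(("display_name_mismatch", f"{m.group(1)} vs {from_domain}"))

    # 2. A domain that contains the organisation's name but is not its domain.
    if from_domain != ORG_DOMAIN and ORG_DOMAIN.split(".")[0] in from_domain:
        findings.append(("lookalike_domain", from_domain))

    # 3. DMARC-style alignment: the Return-Path domain (what SPF checks) and
    #    the DKIM d= domain should align with the From domain the user sees.
    _, rp = split_address(msg.get("Return-Path"))
    rp_domain = rp.rpartition("@")[2]
    if rp_domain and registrable_domain(rp_domain) != registrable_domain(from_domain):
        findings.append(("spf_misaligned", f"{rp_domain} vs {from_domain}"))
    d = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    if d and registrable_domain(d.group(1)) != registrable_domain(from_domain):
        findings.append(("dkim_misaligned", f"{d.group(1)} vs {from_domain}"))

    # 4. Urgency and secrecy language in the subject and body.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, analyse(raw))
```

Running the script lists five findings for the constructed suspicious message and none for the benign one. Keep in mind that alignment checks on a reported message only reflect headers as received; a message from a genuinely compromised account will pass all three of those checks, which is why the urgency and policy-violation cues from the training material remain essential.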