Researchers at email security firm Barracuda have conducted a study to identify current spear phishing trends and the tactics most commonly used to attack businesses and obtain sensitive information.
Spear phishing is a highly targeted form of phishing. Campaigns tend to involve low numbers of emails that have been carefully crafted for attacks on a particular industry, company, or individual. Targets are usually researched, and emails are carefully crafted to maximize the probability of a response.
Over the course of three months, Barracuda researchers analyzed more than 360,000 phishing emails to assess the tactics being used by cybercriminals to fool end users into clicking links and divulging sensitive information.
The researchers identified three main tactics used in spear phishing attacks: brand impersonation, business email compromise, and blackmail.
Brand impersonation is one of the most popular tactics. The sender name is spoofed to make emails appear to have come from a trusted source such as a government agency, known contact, or an individual within the target’s own organization. Spoofing of well-known brands such as Microsoft and Apple is commonplace. 83% of phishing attacks involve brand impersonation and one in five involves the impersonation of a financial institution.
Business email compromise (BEC) is a tried and tested technique for attacking businesses. The technique, also known as CEO fraud, involves the impersonation of a CEO or other executive in a targeted attack on an employee within the organization, such as a member of the HR, payroll, or finance department. The FBI reports that $12.5 billion has been lost in fraudulent wire transfers as a result of BEC attacks since 2013.
Blackmail attacks have grown in popularity in recent months, in particular sextortion scams that threaten to expose an individual’s online activities unless payment is made. One of the most popular scams claims to have recorded the user viewing pornography via their webcam following a malware infection. The scammers say they have created a video of the target viewing adult content, along with the sites being viewed at the time. They threaten to send the video to all of the user’s contacts if payment is not made. One in 10 spear phishing emails involves blackmail.
Spear phishing emails are timed to maximize the chance of a response, with most being sent between Tuesday and Thursday during business hours to make them appear more authentic.
While many mass phishing emails are blocked by security solutions, spear phishing emails tend to make it to employees’ inboxes because they appear to have been sent from reputable senders. Zero-day links are also commonly used: links that have not previously been used for phishing and are therefore not on any blacklist. Many email security solutions fail to identify such links as malicious.
Protecting against spear phishing attacks requires a combination of technology and training. An advanced AI-based email security solution that analyzes message content for signs of spear phishing should be used. DMARC should be implemented to help detect email impersonation attacks, multi-factor authentication should be implemented to prevent stolen credentials from being used to access accounts, and end users must receive training that teaches them the skills they need to identify potential spear phishing attacks.
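As an added illustration of two of the controls above (not code from the Barracuda study), the following Python script shows what a receiving mail server does with a DMARC record and why DMARC alone is not enough against brand impersonation. It parses the From header and the Authentication-Results header of a message, checks SPF/DKIM alignment against a DMARC policy, and separately flags a display name that invokes a known brand while the sending domain belongs to someone else. The three sample messages, the DMARC record, and the `KNOWN_BRANDS` table are constructed for this example; the organizational-domain logic is simplified (real receivers consult the Public Suffix List).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands commonly named in spoofed display names, with the domains they
# legitimately send from. Constructed and deliberately short for the example.
KNOWN_BRANDS = {
    "microsoft": {"microsoft.com"},
    "apple": {"apple.com"},
    "example corp": {"example.com"},   # the receiving organization itself
}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, e.g. {'v': 'DMARC1', 'p': 'reject'}."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain):
    """Simplified organizational domain (last two labels); real code uses the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: 's' requires an exact match, 'r' (relaxed) the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def parse_auth_results(header):
    """Extract SPF/DKIM results and the domains they authenticated from Authentication-Results."""
    header = header or ""
    spf = re.search(r"spf=(\w+)(?:[^;]*?smtp\.mailfrom=([\w.-]+))?", header)
    dkim = re.search(r"dkim=(\w+)(?:[^;]*?header\.d=([\w.-]+))?", header)
    return {
        "spf_result": spf.group(1) if spf else "none",
        "spf_domain": spf.group(2) if spf else None,
        "dkim_result": dkim.group(1) if dkim else "none",
        "dkim_domain": dkim.group(2) if dkim else None,
    }


def evaluate(raw_message, dmarc_record=None):
    """Apply the From domain's DMARC policy plus a display-name impersonation heuristic.

    dmarc_record is the TXT record the receiver would have looked up at
    _dmarc.<from_domain>; it is passed in so that the example runs offline.
    """
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    auth = parse_auth_results(msg.get("Authentication-Results"))
    findings = []
    disposition = "none"

    if dmarc_record:
        tags = parse_dmarc(dmarc_record)
        spf_ok = auth["spf_result"] == "pass" and aligned(from_domain, auth["spf_domain"], tags.get("aspf", "r"))
        dkim_ok = auth["dkim_result"] == "pass" and aligned(from_domain, auth["dkim_domain"], tags.get("adkim", "r"))
        dmarc_pass = spf_ok or dkim_ok          # DMARC passes if either aligned check passes
        if not dmarc_pass:
            disposition = tags["p"]             # apply the domain owner's requested action
            findings.append(f"dmarc_fail:{from_domain}")
    else:
        dmarc_pass = None                       # no policy published: DMARC cannot vouch for the sender
        findings.append("no_dmarc_record")

    # Display-name impersonation: a brand is named but the From domain is not one of its own.
    name = display_name.lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand in name and org_domain(from_domain) not in domains:
            findings.append(f"display_name_impersonation:{brand}")

    return {"from_domain": from_domain, "dmarc_pass": dmarc_pass,
            "disposition": disposition, "findings": findings}


# Constructed sample messages (not taken from the report).
LEGIT = """From: "Example Corp Payroll" <payroll@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bounce.example.com; dkim=pass header.d=example.com
Subject: March payslips

Your payslip is attached.
"""

BRAND_SPOOF = """From: "Microsoft Account Team" <security@account-verify.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=account-verify.example.net; dkim=none
Subject: Unusual sign-in activity

Confirm your account within 24 hours.
"""

CEO_SPOOF = """From: "Jane Doe, CEO" <ceo@example.com>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.org; dkim=none
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

EXAMPLE_COM_DMARC = "v=DMARC1; p=reject; adkim=s; aspf=r"   # constructed policy for example.com

if __name__ == "__main__":
    print(evaluate(LEGIT, EXAMPLE_COM_DMARC))
    print(evaluate(BRAND_SPOOF))                  # attacker's own domain publishes no DMARC record
    print(evaluate(CEO_SPOOF, EXAMPLE_COM_DMARC))
```

The CEO spoof fails DMARC because SPF failed and nothing aligned with example.com, so the published `p=reject` applies. The brand spoof is the case DMARC does not cover: the attacker's lookalike domain is technically authentic (SPF passes for the domain that actually sent it), so only content analysis of the display name catches it, which is why the recommendation above pairs DMARC with content inspection and user training.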
Organizations that rely on traditional security tools and train employees infrequently will be particularly vulnerable to spear phishing attacks.