Spear phishing is a threat that’s constantly evolving as cybercriminals find new ways to avoid detection. Here we are going to take an in-depth look at the three most prevalent types of attacks. They are brand impersonation, business email compromise, and blackmail.
Protect your business from sophisticated, targeted, and costly attacks. Spear phishing, a highly-personalized form of email attack, is increasing in popularity with cybercriminals. Attackers research their targets and craft carefully-designed messages, often impersonating a trusted colleague, website, or business.
Spear-phishing emails typically try to steal sensitive information, such as login credentials or financial information, which is then used to commit fraud, identity theft, and other crimes. Designed to evade traditional email security, including gateways and spam filters, spear-phishing attacks are commonly sent from high-reputation domains or already-compromised email accounts.
Spear-phishing emails do not always include malicious links or attachments. Since most traditional email-security techniques rely on blacklists and reputation analysis, these attacks get through. Attacks typically use spoofing techniques and include “zero-day” links: URLs hosted on domains that haven’t been used in previous attacks, or inserted into hijacked legitimate websites, which are unlikely to be blocked by URL-protection technologies.
Cybercriminals also take advantage of social-engineering tactics in their attacks, including urgency, brevity, and pressure, to increase the likelihood of success.
Social-Engineering Tactics Continue To Evolve
Researchers evaluated more than 360,000 spear-phishing emails in three months, identifying and analyzing three common types of attacks:
Brand impersonation
These spear-phishing attacks, designed to impersonate well-known companies and commonly used business applications, are by far the most popular because they are well designed as an entry point to harvest credentials and carry out account takeover. Brand impersonation attacks are also used to steal personally identifiable information, such as credit card and Social Security numbers. Microsoft and Apple are the most-impersonated brands in spear-phishing attacks.
Business email compromise
Also known as CEO fraud, whaling, and wire-transfer fraud, business email compromise makes up only a small percentage of spear-phishing attacks but has caused more than $12.5 billion in losses since 2013, according to the FBI. Scammers impersonate an executive, partner, or another trusted person in an email, requesting a wire transfer or personally identifiable information from finance department employees or others with access to sensitive information.
Gmail accounts are used to launch 30% of business email compromise attacks.
Blackmail
In most blackmail scams, which include sextortion attacks, cybercriminals claim to have a compromising video, images, or other content allegedly recorded on the victim’s computer and threaten to share it with all their email contacts unless they pay up. With about 1 in 10 spear-phishing emails being a sextortion attack, employees are twice as likely to be the target of blackmail as of business email compromise.
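A rule-based triage of the three attack types described above, as an added example that is not part of the original post or the underlying report. It scores the signals the text names (a display name claiming a brand or executive while the address is external, urgency, payment requests, extortion language, and links to never-before-seen domains); the brand list, executive name, keyword patterns, seen-domain history, and sample messages are all constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed rule tables (assumption: illustrative, not the report's); a real
# deployment would draw them from the org's directory and URL-reputation history.
ORG_DOMAIN, EXECUTIVES = "example.com", {"jane doe"}
BRANDS = {"microsoft": "microsoft.com", "apple": "apple.com"}
TEXT_RULES = [
    ("urgency", re.compile(r"\b(urgent|immediately|asap|today)\b", re.I)),
    ("payment/PII request", re.compile(r"\b(wire transfer|gift cards?|w-2s?|bank details)\b", re.I)),
    ("extortion language", re.compile(r"\b(webcam|video of you|bitcoin|all your contacts)\b", re.I)),
]
LINK = re.compile(r"https?://([\w.-]+)", re.I)

def classify(raw, seen_domains):
    """Label one RFC 5322 message by the signals the report describes: display-name
    spoofing, external senders, urgency, payment asks and first-seen link domains."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    name, domain = name.lower(), addr.rsplit("@", 1)[-1].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_content()}"
    signals = [f"claims {b}, sent from {domain}" for b, real in BRANDS.items()
               if b in name and not (domain == real or domain.endswith("." + real))]
    if name in EXECUTIVES and domain != ORG_DOMAIN:
        signals.append(f"executive name from external domain {domain}")
    signals += [label for label, pat in TEXT_RULES if pat.search(text)]
    signals += [f"first-seen link domain {d}" for d in LINK.findall(text)
                if d.lower() not in seen_domains]
    # Decide by the dominant signal; anything else with 2+ signals goes to review.
    if any(s.startswith("claims") for s in signals):
        return "brand impersonation", signals
    if "payment/PII request" in signals and any(s.startswith("executive") for s in signals):
        return "business email compromise", signals
    if "extortion language" in signals:
        return "blackmail", signals
    return ("suspicious" if len(signals) >= 2 else "clean"), signals

# Constructed sample messages (not real attacks) and a constructed seen-domain history.
SEEN = {"example.com", "microsoft.com"}
SAMPLES = {
    "bec": "From: Jane Doe <jane.doe.ceo@gmail.com>\nSubject: Urgent\n\n"
           "Please process this wire transfer today; I am in a meeting.\n",
    "brand": "From: Microsoft Account Team <security@mail-verify-login.net>\n"
             "Subject: Unusual sign-in\n\nVerify now: https://mail-verify-login.net/login\n",
    "blackmail": "From: Unknown <x@foo.invalid>\nSubject: Hello\n\nWe recorded a video of you"
                 " on your webcam. Pay in bitcoin or it goes to all your contacts.\n",
    "clean": "From: Bob <bob@example.com>\nSubject: Lunch\n\nSee you at noon.\n",
}
for kind, raw in SAMPLES.items():
    print(kind, classify(raw, SEEN))
```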
Cybercriminals Carefully Time Attacks
While malicious emails can arrive any day of the week, spear-phishing attacks peak between Tuesday and Thursday, with 1 in 5 emails sent on Tuesday. Given the fact that businesses are the typical targets, it’s not surprising that weekend days make up the lowest percentage of attacks. Scammers send the majority of emails on business days to make the attacks more convincing.
Figure: Spear-phishing attacks peak mid-week
Spear-Phishing Attacks Spike Around Holidays
Seasonality dramatically impacts the number of spear-phishing attacks. Cybercriminals try to exploit security weaknesses and other potential vulnerabilities around holidays and other events, such as tax season. The week before Christmas, the number of spear-phishing attacks spiked to more than 150% above average. The number of attacks dropped significantly in the weeks after the holiday.
Cybercriminals know the end of the year is flooded with activity, including email communications, so they try to take advantage by launching attacks at distracted and busy employees. IT and security staff resources are typically stretched during the holidays, as many people take vacation time, so the remaining staff may not be as vigilant or have as much time to monitor for potential phishing attacks.
Cybercriminals try to exploit this temporary weakness in security.
Scammers deliberately target seasonal workers, contractors, and other temporary employees, who are often less familiar with company business practices and security policies and are therefore more likely to fall victim to an attack.
Staying Ahead Of Attacks
In a future post, we will take an in-depth look at brand impersonation, business email compromise, and blackmail. We will provide detailed information about how the most popular spear-phishing scams work, the reasons traditional email security can’t stop the attacks, and the latest targets and techniques cybercriminals are focusing on. We will also recommend best practices and prevention measures businesses should consider to protect against these sophisticated, targeted, and costly attacks, including a combination of purpose-built technology and user-security training.