Spear phishing is a technique in which an individual or organization masquerades as a trustworthy source, usually through email, with the intent of getting the victim to hand over information the attacker is not authorized to have.
Victims respond to the attacker by clicking on a link, opening an attachment or just by providing personal information. These actions allow the attacker access to sensitive information such as passwords, usernames, intellectual property and privileged accounts.
The ultimate goal is to gain entry to a company’s network to obtain confidential information such as social security numbers and financial information. A spear phishing attack differs from a regular phishing attack because the attacker targets a specific user. Regular phishing attacks are generic and are sent to a mass audience. In a spear phishing attack, attackers target key individuals and research them so the message can be crafted to be relevant to the victim. For example, if the attacker knows you work for a university, an email with specific information for faculty and staff would seem appropriate. Often the message will play on emotions such as curiosity, fear or greed to cause the victim to react.
Spear phishing emails sometimes contain file attachments that look like legitimate documents. The attached files can be of various types, such as .xls, .pdf, and .doc. Once the files are opened, the attacker can take control of the computer.
What happens in a typical spear phishing attack?
- A targeted user is sent a spear phishing email which contains a malicious attached file.
- Since the email title and message appear to be legitimate, the user is lured into opening the attachment.
- The file installs malware (malicious software) on the now compromised computer. A document usually opens to hide the malicious activity going on in the background.
- The malware then tries to contact the attacker’s command and control (C&C) server to get instructions from the attacker.
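For defenders, the steps above leave a recognizable sequence on the victim's computer: an attachment is opened, a new program appears, and that program connects out. The Python below is an added example, not part of the original post; the event format, extension list, time window and sample events are all constructed assumptions.

```python
from collections import defaultdict

EXEC_EXT = (".exe", ".dll", ".scr")   # assumed set of "executable" extensions
WINDOW = 300                          # assumed correlation window, in seconds

# Constructed sample telemetry; the event schema is hypothetical.
EVENTS = [
    {"ts": 100, "host": "ws-17", "type": "attachment_open", "file": "faculty_benefits.doc"},
    {"ts": 104, "host": "ws-17", "type": "file_create", "path": "C:/Users/a/AppData/upd.exe"},
    {"ts": 130, "host": "ws-17", "type": "net_connect",
     "image": "C:/Users/a/AppData/upd.exe", "dest": "203.0.113.9:443"},
    {"ts": 200, "host": "ws-22", "type": "attachment_open", "file": "minutes.pdf"},
    {"ts": 260, "host": "ws-22", "type": "net_connect",
     "image": "C:/Program Files/browser.exe", "dest": "198.51.100.4:443"},
]


def find_chains(events, window=WINDOW):
    """Flag hosts where opening an attachment is followed, within `window`
    seconds, by a newly written executable that then connects outbound."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)

    findings = []
    for host, evs in by_host.items():
        for opened in (e for e in evs if e["type"] == "attachment_open"):
            later = [e for e in evs
                     if opened["ts"] <= e["ts"] <= opened["ts"] + window]
            dropped = {}  # path -> time the executable was first written
            for e in later:  # time-ordered, so the write must precede the connect
                if e["type"] == "file_create" and e["path"].lower().endswith(EXEC_EXT):
                    dropped.setdefault(e["path"], e["ts"])
                elif e["type"] == "net_connect" and e["image"] in dropped:
                    findings.append({"host": host, "attachment": opened["file"],
                                     "dropped": e["image"], "dest": e["dest"]})
    return findings


if __name__ == "__main__":
    for finding in find_chains(EVENTS):
        print(finding)
```

The second host in the sample opens an attachment and then browses the web with an existing program, which is normal activity and is not flagged.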
Remember to keep your guard up at all times when you are online. Read the “Think before you click” blog post for ways to protect yourself.