What is ‘Smart Spear Phishing’ And Why Should You Care?

Spear fishing is a food gathering activity that has been practiced by humans for millennia.

Spear phishing, on the other hand, is an entirely new phenomenon where humans – and their personal data – are the main prize. Spear phishing has only been around for a few years, but it’s already attacked businesses and national governments around the world and caused billions of dollars’ worth of damages.

So what is spear phishing? How can you protect yourself? Today, we’re going to answer those questions for you.

What is spear phishing?

Spear phishing is the use of specially targeted information to compromise a single person on an internal network. Instead of casting a broad net of phishing attacks and hoping at least one employee falls for it, spear phishers spend time learning about their victims before launching their attacks.

Why you should care

In a recent study, spear phishing attacks on company engineers – people who are highly skilled with computers and have intimate access to company server networks – were 26% successful. In other words, 26 out of 100 employees fell for the phishing scam, ripping a hole in company security and exposing sensitive data to the world.

A spear phishing example

In the study mentioned above, here’s how one employee was compromised:

The engineer was the father of four children. The attacker used that information (which was freely available on the internet) to create a bogus email. In that email, the attacker said that he had a special health insurance offer exclusively available to families with three or more children. When the engineer clicked on the link in that email, he was directed to a malicious website.

Once the website is opened, the PC’s security is compromised: the site can run a script or, depending on the skill of the attacker, gain nearly full access to the PC.

Here’s another spear phishing example:

[Image: spear phishing example]

Who spear phishers attack

Spear phishers attack anyone with special access to company networks or internal networks. They focus on engineers and IT professionals – two groups who are generally good at avoiding devastating phishing attacks.

The best way to avoid these attacks is to avoid clicking on links in emails. Most phishing attacks are launched through emails. Just like with fishing, the bait looks extremely tempting to the victim. Resist the temptation to click on the bait and, if you absolutely have to click on that link, scan it with an antivirus beforehand or open it up on your coworker’s PC (just kidding) (maybe).
