Spear Phishing - That's Why the Targeted Attacks Are so Successful | Total Security

Hackers target individual employees with spear-phishing emails. You can use these warning signals to identify attacks early on.


Spear Phishing Emails Are Usually Difficult to Detect

In contrast to classic phishing emails, in which fake, mostly unspecific emails are sent to a large number of addressees, spear phishing focuses specifically on individual employees. The aim is to obtain confidential data or to trigger a certain behavior. Spear phishing is divided into two categories:

  • CEO fraud: a special form of spear phishing is the so-called CEO fraud, also known as fake-president fraud or the boss scam. Here employees receive deceptively genuine-looking e-mails from supposed superiors and are pushed, through authority or time pressure, into acting quickly and rashly.
  • Whaling: the whaling method is also a special form of spear phishing, but is aimed specifically at executives such as the CEO or CFO. Here fraudsters go after valuable business and banking data or pose as customers to arrange transfers to false accounts. Often, for example, a fake phone call is used first to build trust with employees; only in a second step are they made to click a link in a follow-up e-mail, contrary to the applicable security guidelines, which for example installs malware. All these methods have one thing in common: they are prepared in a targeted and elaborate manner and are therefore often particularly difficult for unsuspecting employees to recognize.

Almost a Third of All Companies Are Affected

Whether the automotive supplier Leoni (amount of damage: 40 million EUR), the tech magazine t3n, or a medium-sized company from Baden, they have all been attacked by spear phishing with the perfidious "boss scam" (CEO fraud). In 2019, the US subsidiary of Munich Re asked over 500 medium-sized companies about their experiences with spear-phishing emails. The result: around a third of the companies had encountered fake e-mails from superiors in their own company. In almost half of the cases, employees fell for the scam and sometimes transferred five-digit sums to false accounts.

How Does a Spear Phishing Attack Work? The Preparation

The procedure for spear phishing is always similar: the cybercriminals proceed in a very targeted way and select a small group of employees in the company, depending on their purpose. Often these are employees from areas with access to bank details or valuable passwords, for example employees in accounting, or assistants who are to be prompted to carry out a fraudulent transfer. Spear phishing relies on the hackers being well prepared: they gather a lot of information about the selected employees before they attack. They collect both professional and private information, sometimes illegally: they spy out social media profiles or Amazon accounts and collect professional information from the company website, such as organizational charts, telephone numbers, and trade fair visits. Once the situation in the company has been scouted, the fraudsters contact the employees with an e-mail under a pretext that, thanks to the previous research, may even contain insider knowledge and thus appear deceptively genuine.

How Does a Spear Phishing Attack Work? The Implementation

  1. Pretexting. For example, an urgent e-mail from a supervisor who is currently on a business trip is faked. Under the pretext that he is currently on a plane and therefore unable to act himself, he asks employees to transfer a large sum to an important business partner immediately, and adds the bank details.
  2. Creating pressure. In the worst case, employees feel pressured or stressed and transfer the money to the fraudsters without checking the e-mail or the bank details. The attackers mainly work with emotional levers: time pressure, authority, praise, trust, or knowledge of an employee's private life are very effective here.
  3. Layout and content. Spear phishing attacks are difficult to identify because of their realistic content, and difficult to expose because of technical refinements. The fraudsters skillfully adapt the e-mail layout so that it is indistinguishable from a genuine e-mail at first glance. The interplay of content and technical factors forms the basis for a highly dangerous attack.

What Should Users Pay Attention To?

An untrained eye may not recognize the signs of CEO fraud at first glance; this is exactly the goal of the hackers. By looking closely, however, a small change in the sender address can be seen, for example, and the e-mail can thus be exposed as forged. Warning signals include, for example, deviations in the domain, but also small changes such as replacing a lowercase "l" with a capital "I" in the name. The Cyrillic alphabet also has characters that look very similar to some letters in the German alphabet, a welcome tool for hackers to hide changes in e-mails. While classic phishing e-mails often do not withstand a spell check, spear-phishing e-mails are now usually so professionally set up that many fraudulent e-mails are not uncovered. Anomalies and inconsistencies in the salutation or in the text can, however, indicate a fake e-mail: does the boss suddenly say "du" instead of "Sie"? Links can be checked by moving the mouse pointer over the link and comparing the visible link with the link target. If the two do not match, it is often a scam.

Redirects to websites with login forms are particularly dangerous. Perpetrators can reproduce such pages exactly, and they are aimed at capturing the password. Here a look at the URL is revealing, and comparing it with the genuine URL is advisable. If employees are still unsure about the authenticity of the e-mail after these checks, a telephone or personal inquiry with their line manager or IT specialist can help to clarify the situation.
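The two manual checks described in the last two paragraphs, a close look at the sender domain for swapped-in look-alike letters and a comparison of a link's visible text with its real target, can also be automated as a first-pass filter. The following Python script is an added example written for this article, not code from Total Security; it uses only the standard library, and the trusted-domain list, the confusable-letter table and the sample message are constructed assumptions.

```python
"""Automated versions of the manual checks above: does the sender domain only
look like the real one, and does a link's visible text match its target?
Constructed example; TRUSTED_DOMAINS and SAMPLE_EMAIL are assumptions."""
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's genuine mail domains.
TRUSTED_DOMAINS = {"example.com"}

# Cyrillic letters whose glyphs are near-identical to Latin ones (constructed
# subset): а е о р с х у і ѕ ј  ->  a e o p c x y i s j
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

def fold_lookalikes(domain: str) -> str:
    """Map look-alike glyphs onto the Latin letters they imitate, so that a
    disguised name compares equal to the name it is imitating."""
    folded = domain.replace("I", "l")  # capital I for small l; must run before lower()
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    return folded.lower()

def scripts_in(text: str) -> set:
    """Unicode script names (LATIN, CYRILLIC, ...) of the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if ch.isalpha()}

def check_sender_domain(domain: str) -> list:
    """Return warnings for a sender domain; an empty list means nothing suspicious."""
    warnings = []
    if len(scripts_in(domain)) > 1:
        warnings.append("mixed-script domain")
    folded = fold_lookalikes(domain)
    if folded in TRUSTED_DOMAINS and domain.lower() != folded:
        warnings.append(f"look-alike of trusted domain {folded}")
    return warnings

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url: str) -> str:
    """Host part of a URL or bare domain, lower-cased."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def check_links(html_body: str) -> list:
    """The hover-and-compare check done automatically: return (text, href) pairs
    where the visible text names one host but the link leads to another."""
    collector = LinkCollector()
    collector.feed(html_body)
    mismatches = []
    for text, href in collector.links:
        looks_like_address = "." in text and " " not in text
        if looks_like_address and host_of(text) != host_of(href):
            mismatches.append((text, href))
    return mismatches

# Constructed sample message, not real mail data. The sender domain uses
# U+0440 (CYRILLIC SMALL LETTER ER) in place of the Latin "p".
SAMPLE_EMAIL = {
    "from_domain": "exam\u0440le.com",
    "body": (
        '<p>Please confirm your account at '
        '<a href="http://login-portal.invalid/confirm">https://portal.example.com/login</a> '
        'and read <a href="https://intranet.example.com/news">the intranet news</a>.</p>'
    ),
}

def assess(message: dict) -> dict:
    """Run both checks on a message dict with 'from_domain' and 'body' keys."""
    return {
        "domain_warnings": check_sender_domain(message["from_domain"]),
        "link_mismatches": check_links(message["body"]),
    }

if __name__ == "__main__":
    for finding, value in assess(SAMPLE_EMAIL).items():
        print(f"{finding}: {value}")
```

Two design points matter here. The capital-I-for-lowercase-l substitution has to be folded before the domain is lower-cased, because after lower-casing the "I" becomes an ordinary "i" and the trick is lost. And the link check only compares hosts when the visible text itself looks like an address; a link whose text is "Click here" is not a mismatch by this test, which is why the paragraph above still recommends hovering over every link.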

Strengthening the Human Firewall

It is therefore extremely important to train employees across the company. Not only regular employees but also executives can be the target of attacks, such as the whaling mentioned above. Regular awareness training offers an opportunity to sensitize the workforce to cyber-attacks and to raise awareness of fake e-mails. Security training in the form of phishing simulations can be used flexibly and also allows targeted attacks to be staged. In the long term, a trained eye can identify this form of cyberattack, strengthen security in the company, and prevent major financial and reputational damage. In addition, advanced security software such as Total Security provides multi-tier protection for your data.