What is Spear Phishing?
- Spear phishing is a targeted phishing attack in which the attacker has enough expertise to carry out a long, well-informed scheme aimed at stealing data or money, or at breaching the intended network or devices.
How does Spear Phishing Work?
- The attacker will research their potential victim by learning about their reporting structure or department structures. They do this by reviewing the victim's website or researching social media.
- The attacker will also research the news about the victim to see if there is anything that can be exploited.
  - For example, a ribbon cutting for upcoming construction on a new building, or a change in President or CEO.
- The attacker will then use that information to try to exploit only a select few people in the victim's organization. This first step is usually done with a carefully crafted phishing email or a vishing phone call.
- Once they have established communications with someone within the organization, they will manipulate that person into unknowingly doing something malicious. For example:
  - The attacker will get the victim to open an infected document on their computer, granting the attacker access to the network.
  - The attacker will have the victim change an Accounts Payable account to redirect funds to a bank account where the money will be laundered.
- Once the attacker has what they want, they will either leave or continue to get money or data for as long as they can.
Spear phishing is often carried out through a Business Email Compromise (BEC) attack or an email spoofing attack.
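For defenders, the email spoofing and BEC patterns mentioned above leave traces in message headers. The following is an added example, not part of the original page: a small triage check that flags three common indicators. The organization domain, the executive names, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical): the organization's domain and names likely to be impersonated.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """Return a list of reasons this message looks like spoofing or BEC."""
    msg = message_from_string(raw_message)
    reasons = []
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    # 1. A known executive's name used with an outside address.
    if display.strip().lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        reasons.append("executive display name from external domain")
    # 2. Replies routed to a different domain than the visible sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append("Reply-To domain differs from From domain")
    # 3. The receiving server recorded a DMARC failure.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if "dmarc=fail" in auth:
        reasons.append("DMARC failed")
    return reasons

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: payments@other-domain.test
Subject: Updated bank details for vendor payment
Authentication-Results: mx.example.com; spf=pass; dmarc=fail header.from=examp1e-mail.test

Please update the account before today's run.
"""
LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
Subject: Quarterly numbers
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass header.from=example.com
"""

if __name__ == "__main__":
    print(spoofing_indicators(SUSPICIOUS))
```

A message that trips any of these checks, especially one asking for a payment or account change, should be verified through a separate, known-good channel before anyone acts on it.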