What is Spear-Phishing?
Phishing is an attempt to acquire sensitive information (passwords, credit card details) by masquerading as a trustworthy correspondence. Spear-phishing entails a more focused campaign than the trawler net approach of a simple phishing drive. Plain phishing emails tend to be more exploratory in nature.Attackers use tactics such as victim segmentation, personalized emails and sender impersonation. The unique nature of the emails increase the likelihood that they will bypass any spam filters - emails will often include the recipients name, job title and other pieces of information easily gleamed from an online search. The success hitherto enjoyed by spear-phishing campaigns has lead to an increase in their frequency.
Spear-phishing campaigns typically comprise of:
An email with a file attachment. The most common attachments are PDF, DOC, DOCX or XLS files. EXE are rarely used because EXE files are most frequently flagged by spam filters, they may come compressed within ZIP or RAR files.
Alternatively, an email with a download link or a link to a website that will install spyware or malware onto the victim's hardware. The spyware relays personal information back to the cybercriminals.
94% targeted emails use malicious file attachment, the remainder take advantage of webmail exploits or lure users to click on malicious links.
94% targeted emails use malicious file attachment, the remainder take advantage of webmail exploits or lure users to click on malicious links.
How successful are spear phishing campaigns?
Spear-phishing emails had an open rate of 70 percent, compared with an open rate of just three percent for mass spam emails.
50 percent of recipients who open spear-phishing emails also click on enclosed links, which is 10 times the rate for mass mailings.
The initial costs of a spear-phishing campaign are greater but the returns are said to be 40 times higher.
A spear-phishing campaign comprised of 1,000 messages is likely to generate 10 times the revenue of a phishing mailing targeting 1 million individuals.
Users should not be afraid to verify the source of an email - call the person involved if need be.
Spear-Phishing protection techniques
Users are warned to avoid using websites that begin with https:// instead of http://. Most websites that ask for user information use the more secure https:// protocol.Users should not be afraid to verify the source of an email - call the person involved if need be.
0 comments:
Post a Comment