What Is Spear Phishing?
Spear phishing is a specific kind of phishing attack in which a threat actor targets a specific person or organisation with email messages that appear to come from someone who genuinely knows them or the inner workings of their organisation.
The threat actor often gathers information from social media, company websites, other phishing attempts, and even phone calls to learn employee names or the organisation's structure, then uses all of this information to make their emails as believable as possible.
Even something as low-effort as phishing multiple people in an organisation until an automatic reply comes back saying someone is out on vacation can be enough for the threat actor to impersonate that person, or to use that detail to make their story far more believable.
The purpose of a spear phishing email is to steal valuable data, launch malware within a system, get instructions carried out that appear to come from a trusted source, or gain an even deeper understanding of the inner workings of an organisation for further exploits.
Spear Phishing vs. Phishing
The main difference between phishing and spear phishing is that phishing relies on quantity while spear phishing relies on quality. For hackers, phishing is a game of chance: they target anyone and everyone in the hope that someone will fall for their social engineering tactics.
While some phishing emails can be sophisticated, many are obvious scams and end up discarded. With spear phishing, the target is researched, and the hacker will often pose as someone the target trusts (the employer's IT team, a financial institution, or another source) to raise the probability that the target falls for the attack. The message will appear personalised and legitimate.
Spear Phishing vs. Whaling
Whaling can be considered a kind of spear phishing, in that it is targeted. The main difference is that whaling targets high-ranking individuals within an organisation: think the C-suite, or a user with a lot of access to an organisation's systems and data.
How a Spear Phishing Attack Works
- A threat actor will pick a target and research them (social media, phishing, social engineering, websites).
- The bad actor will contact the target via email or text message (the latter is called smishing), with a message prompting the target to click a link, open a file attachment, or take an action (such as wiring money). The message will often be personalised and urgent in nature.
- If the targeted victim clicks the link, they are often taken to a fake website that looks legitimate and asked to log in. While the victim thinks they are logging in, they are actually handing their username and password to a credential collector run by the threat actor. If they are instead tricked into downloading an attachment, it will begin loading malware onto the device.
Common Aspects of a Spear Phishing Message
While each spear phishing email or text message will be unique to the target, there are some frequent commonalities found in many of these malicious messages:
- The message has a sense of urgency
- The email address is unfamiliar or incorrect
- The message contains spelling or grammar errors
- The message asks for sensitive information such as credentials, financial information, or other personal information
- The message contains links that don’t match the domain they are supposedly coming from
- The message contains suspicious attachments
- There may be follow-up, targeted messages
- There is push back if you ask to communicate in a different way (for example, if you respond with "Thanks for the email request, I'll just call Mrs. A myself and ask her if she wants me to wire money," they are likely to tell you, "She directed me not to have anyone call her; she is very busy and can't be interrupted.")
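The checklist above can be turned into a first-pass triage script. The following is an added example, not code from the original article: it parses a constructed sample message and reports which of these red flags it shows. The trusted domain list, the keyword and extension lists, and the sample message itself are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Constructed sample (not from the article) with several red flags from the checklist:
# urgency, a look-alike sender domain, a credential request and a mismatched link.
SAMPLE_EMAIL = """\
From: IT Support <helpdesk@examp1e-corp.com>
Subject: URGENT: verify your password within 24 hours
Content-Type: text/html

<p>Your account will be suspended immediately unless you confirm your password.</p>
<p><a href="http://sso.example-corp.com.evil-login.test/verify">https://sso.example-corp.com</a></p>
"""
TRUSTED_DOMAINS = {"example-corp.com"}  # assumed: the organisation's own mail domains
URGENCY = ("urgent", "immediately", "within 24 hours", "suspended")
SENSITIVE = ("password", "credentials", "wire", "account number")
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".iso", ".lnk", ".html")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
URLISH_RE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def registered_domain(url_or_host: str) -> str:
    # Hostname of a URL or bare domain, cut down to a crude eTLD+1 (last two labels).
    s = url_or_host.strip()
    host = urlparse(s if "://" in s else "http://" + s).hostname or ""
    return ".".join(host.split(".")[-2:])

def score_message(raw: str) -> dict:
    """Apply the checklist to one RFC 822 message and return the red flags found."""
    msg, flags, body = message_from_string(raw), [], ""
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if registered_domain(sender) not in TRUSTED_DOMAINS:
        flags.append("untrusted_sender_domain")
    for part in msg.walk():  # gather text parts; flag risky attachment names
        if part.get_content_type().startswith("text/"):
            body += part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        elif (part.get_filename() or "").lower().endswith(RISKY_EXT):
            flags.append("risky_attachment")
    text = (msg.get("Subject", "") + " " + TAG_RE.sub(" ", body)).lower()
    if any(w in text for w in URGENCY):
        flags.append("urgency")
    if any(w in text for w in SENSITIVE):
        flags.append("requests_sensitive_info")
    for href, anchor in LINK_RE.findall(body):  # visible link text vs. real target domain
        shown = TAG_RE.sub("", anchor).strip()
        if URLISH_RE.fullmatch(shown) and registered_domain(shown) != registered_domain(href):
            flags.append("link_domain_mismatch")
            break
    return {"flags": flags, "score": len(flags)}
```

Running `score_message(SAMPLE_EMAIL)` reports four flags for the sample; a plain internal message from a trusted domain with no matching keywords or mismatched links scores zero.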
Spear Phishing Example
A sophisticated real-world example occurred in 2020, when people (specifically employees at various media companies) received emails about job opportunities at Amazon.
If the target clicked the link in the email, it took them to WhatsApp and asked them to download a file, which was malware. The targeted people believed it was a legitimate offer because they work in technology and Amazon is widely respected as an incredible tech company. The threat actors used specific information and preyed on their victims' desire to grow their careers with this Amazon job offer.
This attack differs from phishing in the specificity of the target and the believability of the message. It would not work nearly as well if the attacker sent it to a massive list of hockey players' email addresses obtained off the dark web. They wouldn't all be in the locker room talking about hanging up their skates to go straight to work as a tech guru for Amazon; they would know the message wasn't meant for them and was indeed a scam.
How To Prevent Spear Phishing
While spear phishing utilises specific tactics, the same defenses that work against phishing and social engineering also work against spear phishing. They include:
1. Employ Multi-Factor Authentication
Multi-factor authentication (MFA), which adds a second step to the login process, can protect access if credentials are stolen. A bad actor may have the credentials, but they won't have the second factor needed to verify them and gain access.
2. Utilise Complex and Rotating Passwords
Complex passwords (that use 12-plus letters, numbers, and characters) can prevent a bad actor from guessing credentials based on personal information they may have from you. In addition, rotating passwords regularly can prevent access if a hacker gains credentials through a spear phishing campaign.
3. Invest in Security Awareness Training
Users are not only the first line of defense, they are also the main targets of spear phishing campaigns. Investing in security awareness helps users identify potential attacks, understand the importance of verifying requests, and know what to do if they become a target themselves.
4. Monitor Your Organisation’s Security Environment
As spear phishing relies on social engineering to trick users, it is possible an employee has fallen for an attempt without even knowing it. By monitoring your security environment for threats, your organisation can spot suspicious activity and act before a serious breach occurs.
How Arctic Wolf Can Help Prevent Spear Phishing
Arctic Wolf has multiple solutions that help organisations protect against current and future cyber threats caused by spear phishing.
The Arctic Wolf® Managed Detection and Response (MDR) solution provides 24×7 monitoring of your networks, endpoints, and cloud environments to help you detect, respond to, and recover from modern cyber attacks. If a spear phishing attempt becomes a successful attack, MDR can immediately detect the new behaviour and alert your IT team, helping you mitigate the attack.
Arctic Wolf® Managed Security Awareness employs engaging micro-learning sessions that help employees recognise social engineering tactics to prevent future threats from becoming data breaches.