Spear phishing is a targeted form of email attack used to steal sensitive information through enticement, impersonation, or access-control bypassing techniques. In a normal phishing attack, the attacker sends the emails randomly to convince the victims to open an email containing the attachments with the embedded malware or links containing a virus. However, in the case of spear phishing, the attackers send the emails to the specific targets. Apart from using the fake links and the compromised attachments, they can use the socially engineered content rather than payloads, asking the victim to share the information like password, finance related stuff, or other sensitive information which is not supposed to be shared without proper consent.
To identify a spear phishing email, it is important to understand how the spear phishing works. Spear phishing is a targeted email attack against a specific individual, group, or an organization. The attacker first collects the information about the target to win the confidence of the target. After acquiring enough information about the target, the attacker uses the deceptive cover to send the emails to the target recipients. The scary part of the attack is the legitimacy of the email address or the identity used in the email. The spear phishing attack is so sophisticated that the attacker is sometimes able to spoof the email address that is known to the recipient. The attacker gathers enough information to decide the most suitable time of the attack. Usually, the attack is launched when the recipient is expecting the email from the source that is spoofed or impersonated.
Although spear-phishing email attacks are very effective, there are ways to identify such emails. Following are the five ways to identify the spear phishing emails.
Check Sender Email Address and Name
Often, when we receive an email, we see only (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ifeanyi Egede. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/v7ooiWmFRwY/