The Trends in Spear Phishing Attacks

As we know it today, Phishing has become one of the most commonly used tactics by the Cyber attacker to garner personal information and data. This primarily involves our physical addresses, E-Mail addresses, credit card numbers, banking and other types and kinds of financial information, Social Security numbers, etc.

Phishing involves sending an E-Mail, either with a malicious file (such as those .DOC and .XLS), or link. Once the victim has downloaded the files or clicked on the link (or perhaps even both), then the malware (most likely a Trojan Horse) then spreads itself onto the computer or wireless device of the victim.

Generally, Phishing attacks involve sending mass E-Mails out; in other words, there is not one targeted individual or organization. Whatever contact information the Cyber attacker can get their hands on is used. However, lately, there appears to be a new trend developing: a tactic known as “Spear Phishing.” It can be defined specifically as follows:

“It is a phishing method that targets specific individuals or groups within an organization. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss.”

(SOURCE: https://www.trendmicro.com/vinfo/us/security/definition/spear-phishing).

Thus, in these instances, the Cyber attacker has already done their research ahead of time and knows who or what they want to target specifically. In a way, this is similar to that of Business E-Mail Compromise (BEC) attack, in which the C-Level executive is primarily targeted to transfer funds.

In this article, we examine the recent trends of Spear Phishing attacks.

The Trends

Just consider some of these alarming statistics:

• 77% of the Spear Phishing attacks are laser-focused – targeting only (Read more...)