What Is Spear Phishing?

Spear phishing is an email-spoofing attack done to target specific individual or organization, through which hackers can gain unauthorized access to the victim's sensitive information. The main objective of spear-phishing attempts is to gain access to financial gain, understand trade secrets or military information.

Hackers perform regular phishing operations, by sending spear phishing messages that appear to come from a trusted source, however, they come from a malicious source. Most of the phishing emails appear to come from a reputed organization like PayPal, Amazon that has a huge membership base. However, the actual source of the phishing email is mostly from an individual of the victim's own organization - mostly someone who wants to target and gain monetary benefits

Spear Phishing

How does spear phishing work?

Spear phishing targets employees of a specific organization, individuals or even social media accounts like LinkedIn, Facebook or twitter accounts through customized compelling emails. The emails are infected with malicious attachments and links. When the victim opens the malicious attachment or link, the malware code is run in the background to redirect the victim to a malicious website, where the user is asked to fill in a login form and hence gain access to all the sensitive credentials.

Spear phishing VS Phishing

Phishing emails are typically sent randomly to all the known contacts. The email content includes malicious link or attachments that looks genuine to trick the victim to click on the link or attachment which redirects the target to a malicious website or installs malware on the target's device, while the victim made to share confidential information like account information, passwords or even the credit card information.

Spear phishing functions the same, however, the hacker first collects data about a target and the gathered information is used as a reference to curate a personalized spear-phishing campaign. Unlike normal phishing, spear phishing targets a selective group of people or an individual. Since the target is specific with spear phishing, it's easier frame emails with personal information -- like the victim’s name or the organization he/she works for that makes the malicious email look more genuine and trustworthy.

How to protect yourself against spear phishing?

Traditional security is no more effective to fight against spear phishing attacks because hackers customize phishing emails that looks more genuine and therefore it is becoming more challenging to detect. Hackers are taking a spear phishing to a level where the malware can hijack computers and connect them to be a part of malicious network called the botnets which is further used for DdoS attacks. Hackers steal information and reveal the stolen data for monetary benefits or to commit espionage.

  • Organizations should educate employees to identify and differentiate genuine emails from bogus emails
  • Implement the use of an effective Antispam software that can filter out junk emails
  • Effective use of complex passwords is important and never use the same password across all the accounts.
  • Ensure that all the software is up-to-date with the latest security patches
  • Implement two-factor or multiple-factor authentication

Why Comodo Dome Antispam?

Comodo Dome Anti-spam implements sophisticated techniques like spam filtering, malware scanners, content analysis engines to deny suspicious emails from entering the enterprise network. It offers containment technology that protects the system from unknown or zero-day viruses and even other forms of threats by moving them to an isolated sandboxed system. The Valkyrie file verdict system then examines these unknown files using combination of static, dynamic and advanced behavioural analysis. With Comodo Antispam users are free to open, run and use any attachments without getting infected with such malicious attachments.

If you are in search of a good anti-spam solution, look no further get Comodo Dome Anti-spam today!