Spear phishing is a phishing technique aimed at a specific organization or company with the goal of obtaining unauthorized access to confidential data. It has been recorded as the most popular form of phishing practiced on the internet today, accounting for 91% of attacks.
High-ranking executives and people in positions of authority are targeted because their schedules leave them least inclined to verify the authenticity of an email they receive. This increases the chance that the scammer's attempt succeeds. The attackers gather vital information about individual employees in advance, such as name, email address, phone number, and any reference to a mutual friend. These details are then used for victim segmentation, email personalization and sender impersonation.
Spear phishing awareness and training:
A vital step in defending against spear phishing attacks is ensuring a high level of security awareness among staff. Recognizing phishing emails is difficult because the bait is framed in a very personalized manner and the attacks arrive through electronic communication and/or other forms of social media. To avoid spear phishing attacks, organizations must therefore organize and conduct good educational programs that teach employees to spot spam emails, and provide efficient training solutions to defend against these attacks.
Failure to do so will enable the attacker to:
- Steal organizational trade secrets, merger and acquisition plans, software designs and code, engineering plans, and research and expansion programmes.
- Delete or alter data with the aim of destroying the organization's business operations, affecting its competitive standing and goodwill.
- Misuse the organization's reputation by sending spear phishing emails to its contacts, i.e., customers and suppliers, from an authorized email account.
Shown above is an estimated analysis of the number of spear phishing emails sent every month from 2013 to 2015. The number of emails sent in the first five months of 2015 fell to a great extent compared with 2014.
Numerous training and awareness sessions will not only impart knowledge about spear phishing scams but also strengthen the organization's internal networks and change how staff respond to emails, even those that do not look suspicious at first.