Spear-Phishing

Table of Contents

Targeted phishing

What is spear phishing?

Adifferent than the classic one Phishing, which is designed to attack the broadest possible group of victims, spear phishing is an attack on a specific organization or person.

With spear phishing, the attacker no longer disguises himself as a large organization (such as Amazon, banks, etc.) in his emails, but becomes more specific and poses as an employee, superior, friend or business partner.

Three success factors

Gaining the victim's trust is an essential factor for a successful spear phishing attack. In order for this to be achieved, it is essential that the attacker can find out as much information as possible. One way he achieves this is through: Social Engineering and gathering information from public sources such as Facebook and Instagram.

impersonating a trusted person

Unlike normal phishing, a specific person or group, for example a department within an organization, is attacked. The hacker impersonates a well-known, usually higher-ranking person within the company. Out of respect and perhaps also fear of losing their job, many victims will supposedly fall for the phishing attempt.

Do you want to make yourself and your employees aware of phishing attacks?
We offer you professional training.
For user awareness training

Confirming identity

It is also necessary to provide information that confirms the alleged identity of the hacker. If he can convincingly pose as a superior, then he has a good chance of luring victims into the phishing trap.

Logical reason for requests in the email

It is also necessary that the victim is given a logical reason for the requests in the message. Because an illogical reason will appear suspicious to him and increase the chance that he will question the phishing.

Whaling

spear phishing whaling

Particularly popular spear phishing victims are board members and employees in senior positions. Because these so-called “whales”, i.e. “high-ups” within an organization, often have special authorizations and access. However, in order for such an attack to be successful, a sophisticated scenario and extensive information from the company and the victim are required.

2020 Twitter Hack

An incident in the summer of 2020 showed us the impact a targeted attack can have on employees, when the well-known social media platform Twitter was the target of a spear phishing attack.

The attackers specifically targeted the accounts of well-known personalities such as Elon Musk, Bill Gates and Barack Obama.

Employees were specifically contacted by telephone in order to obtain identities, which were then used specifically against other employees with user management rights. Using the captured identities and access to the internal network, access was then gained to 130 accounts, of which 45 tweets were published. Furthermore, more than 30 direct messages were read and data from at least seven accounts was downloaded.

2020 Twitter Hack
2020 Twitter Hack

This incident shows how dangerous a spear phishing attack can be. Especially in larger companies with classic, steep hierarchical structures, it is often the case that not all employees know each other. This significantly increases the success of such an attack. However, it must be noted that smaller companies are not spared from phishing attacks, because ultimately the company is only as secure as the last employee makes it.

In order to ensure this security, it is advisable to sensitize employees. This can be done, for example, through training and User awareness campaigns be achieved.

Increase the security of your system!
You will receive detailed advice from us!
Contact us now
DIVIDE
Newsletter Form

Become a Cyber ​​Security Insider

Get early access and exclusive content!


By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!
OTHER CONTRIBUTIONS

Table of Contents

PSN_KU_Cover
NewsLetter Form Pop Up New

Become a Cyber ​​Security Insider

Subscribe to our knowledge base and get:

Early access to new blog posts
Exclusive content
Regular updates on industry trends and best practices


By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!