Spear-phishing is an electronic communication fraud aimed at specific individuals, organisations or businesses.
Although this is mainly to steal data for criminal purposes, cybercriminals may also plan to install malware on the compromised computer.
And this is how it works:
An email is received that seems to come from a trusted source. In reality, it redirects the user to a fake website full of malware. With these emails, the scammers often proceed very cunningly to attract the attention of their victims. For example, the FBI has warned of Spear phishing scams, in which the emails allegedly came from the National Center for Missing and Abused Children.
These attacks are often government paid hackers and hacktivists. Cybercriminals use similar scams and offer governments and private companies confidential data for buyback. They use individually designed methods and social engineering techniques to tailor messages and websites to each victim. As a result, even high-ranking targets, such as corporate executives, open email that they consider trustworthy. Such an oversight then enables cybercriminals to get the information they need to attack the corporate network.
Recommended protective measures
Conventional security measures are often unable to repel this type of attack because the attacks are so cleverly tailored to the target. As a result, they are very difficult to detect. An employee’s mistake can have serious consequences for businesses, government agencies, and even nonprofit organizations. With stolen data, fraudsters could, for example, disclose confidential business data, manipulate stock prices or engage in various types of espionage. They can also install malware during spear phishing attacks to take over computers and make them part of a botnet that can be used for Distributed Denial of Service (DDoS) attacks.
To fend off spear phishing attempts, employees need to know the threats, such as fake emails. In addition to education and training, special technology is needed to improve email security.
Source: Kaspersky labs