Spear phishing is a specific kind of email phishing attack hackers use to gain access to sensitive data. When someone sends you a spear phishing email, it looks like it’s coming from someone you trust. The email contains a link to a website that appears to be legitimate, but the link delivers malware, giving the hacker access to your network and its data.
Normal phishing emails are typically sent out to huge lists of people. They cast a wide net with the hope of catching a few fish. They are often easy to spot, and their hallmarks are misspellings, poor grammar, tacky subject lines, and odd formatting.
In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority. Visiting West Point teacher and National Security Agency expert Aaron Ferguson calls it the “colonel effect.” To illustrate his point, Ferguson sent out a message to 500 cadets asking them to click a link to verify grades. Ferguson’s message appeared to come from a Colonel Robert Melville of West Point. Over 80% of recipients clicked the link in the message.
In response, they received a notification that they’d been duped and a warning that their behavior could have resulted in downloads of spyware, Trojan horses and/or other malware. The precise nature of spear phishing makes it extremely difficult for your email security provider to identify the attack and prevent it.
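As an added illustration (not part of the original article), the sketch below shows header checks a mail gateway could run against the "colonel effect": a trusted internal name paired with an outside address, a diverging Reply-To, or an internal address that failed DMARC. The domain example.edu, the protected-name list and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: our own domain and the display names worth protecting.
ORG_DOMAIN = "example.edu"
PROTECTED_NAMES = ["Robert Melville"]

def _tokens(text):
    return set(re.findall(r"[a-z]+", text.lower()))

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def impersonation_findings(raw_message):
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    findings = []
    # Authority figure's name (rank words ignored) on an address outside the org.
    if any(_tokens(n) <= _tokens(display) for n in PROTECTED_NAMES) and from_domain != ORG_DOMAIN:
        findings.append("protected name used with external address")
    # Replies silently routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append("Reply-To domain differs from From domain")
    # Trust this header only when it was stamped by your own gateway.
    auth = msg.get("Authentication-Results", "").lower()
    if from_domain == ORG_DOMAIN and "dmarc=pass" not in auth:
        findings.append("internal From address without DMARC pass")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED_EXTERNAL = """\
From: "Col. Robert Melville" <r.melville@example-mail.test>
Reply-To: grades@collector.test
Subject: Verify your grades
Authentication-Results: mx.example.edu; dmarc=pass header.from=example-mail.test

Please click the link to verify your grades.
"""
SPOOFED_INTERNAL = """\
From: "Robert Melville" <robert.melville@example.edu>
Subject: Verify your grades
Authentication-Results: mx.example.edu; dmarc=fail header.from=example.edu

Please click the link to verify your grades.
"""
LEGITIMATE = SPOOFED_INTERNAL.replace("dmarc=fail", "dmarc=pass")
```

A message that passes all three checks can still be malicious, for example when it is sent from a compromised internal mailbox, which is part of why these attacks are hard to filter.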
WHY IT MATTERS!
All it takes is you clicking on one link in a spear phishing email for a hacker to gain access to valuable data like credit card information, trade secrets, or social security numbers; it all depends on what the hacker is looking for. If your email security system isn’t designed to stop spear phishing in its tracks, you are vulnerable to these kinds of attacks.
SPEAR PHISHING INCIDENTS
Hackers used a spear phishing email to gain access to 110 million Target shoppers’ credit card data. All it took was an employee at an HVAC vendor that does work for Target clicking a link in a spear phishing email. Forbes estimates the hack cost financial institutions more than $200 million and cost Target around $148 million. That adds up to more than $350 million in damage done by a spear phishing attack.
The FBI has named five Chinese military officials to the Most Wanted list for their hacking of U.S. metals and solar power companies; Chinese hackers used spear phishing attacks to steal trade secrets of companies around the world, and especially in the U.S.
Although it can be difficult to put a number on the value of innovation lost through these attacks, some estimate it may be as much as $5 trillion each year.