Spear phishing attacks have been steadily rising and now they are proliferating at such an alarming rate that the FBI has issued a warning about them.
Like traditional or “wide net” phishing attacks, spear phishing attacks try to trick people into handing over log in credentials, credit card numbers, and other sensitive data, but the cybercriminals behind spear phishing attacks carefully tailor them to a specific group of people, for example CEOs, financial advisers, or customers of a certain financial institution.
“Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software or malware harvests details such as the victim’s usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions, or steal intellectual property and trade secrets,” the FBI stated.
Spear phishing has grown in popularity because the chances of such attacks being successful are greater than those of traditional spear phishing attacks. The more carefully crafted and targeted an attack is, the more legit it seems to the recipients. This means a greater likelihood that the phishers will be able to collect data they can use to clean bank accounts, log into private networks and peruse confidential documents, or sell on the black market.
Phishing attacks are becoming more and more sophisticated. At one time it was easy to spot them due to the broken English and horrible grammar used in them, but these days they are often in perfect English with very convincing corporate letterheads, and thanks to various data breaches, they may even contain user names instead of the generic “Dear User”. It’s very important to make sure your employees are educated in how to spot and avoid phishing attacks and equally important to have a response plan in case your company is brandjacked for one of them. In order to stay one step ahead, you’ve got to stay informed!