Generally, Phishing attacks involve sending E-Mails out in bulk; in other words, there is no single targeted individual or organization.  Whatever contact information the Cyber attacker can get their hands on is used.  In the recent past, however, a new trend has developed in which hundreds of targeted E-Mails are sent to one organization, each tailored specifically to its recipients. The attacker needs only one person in that organization to open the message and click on the link or attachment for the campaign to succeed.  This tactic is known as “Spear Phishing”, and it can be defined as follows:

“It is a phishing method that targets specific individuals or groups within an organization. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss.”

(SOURCE:  https://www.trendmicro.com/vinfo/us/security/definition/spear-phishing).

Thus, in these instances, the Cyber attacker has already done their research ahead of time and knows exactly who or what they want to target.  In this way it resembles a Business E-Mail Compromise (BEC) attack, in which the attacker impersonates a C-Level executive (or targets one directly) in order to trigger a fraudulent transfer of funds.


Why Is Spear Phishing So Successful?

So how is it that the Cyber attacker is so successful when launching these kinds of campaigns?  First, they are consistently sharpening and refining the research skills needed to launch a laser-focused attack.  Second, the Cyber attacker does not rely upon fancy technology to execute a Spear Phishing campaign.  Rather, they rely upon the old-fashioned techniques of Social Engineering to push their attacks forward.

The Cyber attacker also demonstrates a considerable amount of patience.  For instance, they spend an enormous amount of time researching their primary target, and they are in no rush to get this task accomplished.  The more accurate the information they have, the greater the probability that their well-crafted E-Mail will make it through the Spam Filters and, just as importantly, convince the recipient that it is genuine.

They often rely upon the Social Media sites that the individual, or even the organization, uses, and try to glean as much contact information as possible from them.  Internet-based background searches are another commonly used tool.


What Is the Spear Phisher After?

So, what is the Cyber attacker exactly looking for when launching a Spear Phishing campaign?

There are three main items of interest:


Money, Money, Money and lots of it:

While other Phishing-based campaigns focus on getting any kind of personal information and data, the Cyber attacker in this case wants just one thing: your cash.  As a result, they tend to impersonate, or target the customers of, the following:

  • Credit card companies;
  • Insurance organizations;
  • Credit Unions;
  • PayPal;
  • Amazon.

In their Spear Phishing E-Mail, the Cyber attacker traditionally does not attach a .DOC or .XLS file.  Rather, they attach an .HTML file, or include the relevant HTML in the body of the message.  If the victim opens this attachment or clicks on the link, he or she is taken to a very authentic-looking but spoofed website and prompted to enter a password.  The Cyber attacker captures that password, logs into whatever online financial accounts they know the victim possesses, and steals as much money as they possibly can.  According to the FBI, over 7,000 financial-related institutions have been targeted since 2015, resulting in losses of well over $612 Million.
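The lure just described (an .HTML attachment or inline HTML that leads to a spoofed login page) can be screened for at the mail gateway.  The following is an added example and is not code from the original post: a stdlib-only Python script that parses a message, flags any text/html attachment, and flags any password-collecting form or link whose host is not on the registrable domain of the From: address.  The two sample messages and every domain in them (bank.example, bank-secure-login.example, victim.example) are constructed for the example; the two-label domain comparison is a deliberate simplification that a real filter would replace with a public-suffix list.

```python
"""Heuristic check for the HTML credential lure described above (constructed
example, not the blog's code). Stdlib only; the .example domains are fictional."""
import email.utils
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


class LureParser(HTMLParser):
    """Collect link targets, form actions and password inputs from HTML."""

    def __init__(self):
        super().__init__()
        self.links, self.form_actions, self.has_password_input = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.form_actions.append(a["action"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_input = True


def registrable_domain(host):
    """Crude eTLD+1 (last two labels): fine for .com/.example, wrong for .co.uk,
    so use a public-suffix list in production."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def sender_domain(msg):
    """Registrable domain of the From: address, i.e. the brand the mail claims to be."""
    _, addr = email.utils.parseaddr(str(msg.get("From", "")))
    return registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


def analyze(raw_bytes):
    """Return sender domain, findings and a verdict for one raw RFC 822 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    sender = sender_domain(msg)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        fname = part.get_filename()
        label = f"attachment {fname!r}" if fname else "HTML body"
        if fname:  # banks and payment sites do not normally mail .html files
            findings.append(f"HTML attachment {fname!r}")
        p = LureParser()
        p.feed(part.get_content())
        for action in p.form_actions:  # where the typed password would be sent
            host = urlparse(action).hostname or ""
            if p.has_password_input and host and registrable_domain(host) != sender:
                findings.append(f"{label}: password form posts to {host}, sender is {sender}")
        for href in p.links:  # the "click here" link of an inline-HTML lure
            host = urlparse(href).hostname or ""
            if host and registrable_domain(host) != sender:
                findings.append(f"{label}: link to {host} is off the sender domain {sender}")
    return {"sender_domain": sender, "findings": findings, "suspicious": bool(findings)}


def build_sample_lure():
    """Constructed lure: From: claims bank.example, the link and form go elsewhere."""
    msg = EmailMessage()
    msg["From"] = "Account Services <service@bank.example>"
    msg["To"] = "cfo@victim.example"
    msg["Subject"] = "Action required: verify your account"
    msg.set_content("Please open the attached form to confirm your details.")
    msg.add_alternative('<p>Please <a href="https://bank-secure-login.example/verify">'
                        'verify</a> your account now.</p>', subtype="html")
    form = ('<form action="https://bank-secure-login.example/collect" method="post">'
            '<input name="user"><input type="password" name="pass"></form>')
    msg.add_attachment(form, subtype="html", filename="Verify.html")
    return msg.as_bytes()


def build_benign_notice():
    """Constructed legitimate notice: its only link stays on the sender's domain."""
    msg = EmailMessage()
    msg["From"] = "Account Services <service@bank.example>"
    msg["To"] = "cfo@victim.example"
    msg["Subject"] = "Your monthly statement is ready"
    msg.set_content("Your statement is available in online banking.")
    msg.add_alternative('<p>Sign in at <a href="https://www.bank.example/login">'
                        'www.bank.example</a>.</p>', subtype="html")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, raw in (("lure", build_sample_lure()), ("benign", build_benign_notice())):
        result = analyze(raw)
        print(name, "->", "SUSPICIOUS" if result["suspicious"] else "clean")
        for finding in result["findings"]:
            print("   ", finding)
```

Run as-is it reports three findings for the constructed lure (the .HTML attachment, the password form posting to bank-secure-login.example, and the body link to that same host) and none for the benign notice.  The domain comparison only catches lures whose landing page lives off the claimed brand's domain; it says nothing about whether the From: address itself is forged, so it belongs alongside SPF/DKIM/DMARC checks rather than in place of them.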

Conclusions

In our next blog, we will examine the remaining two areas of interest of the Spear Phisher, along with some recent examples of such attacks.