Spear phishing is a form of phishing attack that is targeted at an individual or a small group. Unlike broader phishing attacks that use pretexts that apply to many people (such as issues with online accounts or failed delivery notifications), spear phishing emails are based on in-depth research into a particular target.
For example, a spear-phishing email may be designed to imitate a legitimate unpaid invoice from an organization’s supplier. By sending a realistic email to the right person and including the attacker’s payment details instead of the supplier’s, the phisher has a much higher probability that the target will fall for the phish and send money to the attacker.
The Spear Phishing Threat
Spear phishing campaigns pose a major threat to companies because they are growing increasingly common and sophisticated. Business Email Compromise (BEC) attacks are a form of spear phishing in which an attacker masquerades as senior management and instructs an employee to send a payment to a particular vendor. BEC attacks alone accounted for an estimated $1.8 billion of the estimated $4.1 billion in cybercrime-related losses in 2020.
Why is it Important to Protect from Spear Phishing?
Phishing attacks are a commonly used attack vector because they are simple to perform and effective. Rather than gaining access and executing malware by exploiting a vulnerability in an organization’s cyber defenses, a phishing attack tricks a human into doing the attacker’s job for them.
According to Verizon’s 2021 Data Breach Investigations Report (DBIR), phishing is involved in over a third (36%) of data breaches. BEC and phishing attacks are the costliest causes of data breaches, with average price tags of $5.01 million and $4.65 million respectively. Phishing emails are also one of the most common delivery vectors for malware.
Spear phishing attacks are effective and extremely expensive for companies, and many employees simply cannot detect a sophisticated phishing attack. Protecting against the spear phishing threat requires companies to deploy security solutions that identify and block phishing attacks before they reach employees’ inboxes.
How to Protect Against Spear Phishing
Spear phishing attacks are tailored to their target, making them more difficult to detect than general phishing campaigns. However, companies can take several actions to help protect themselves against spear-phishing attacks, including:
- Email Scanning: Spear phishing emails use a variety of techniques to appear legitimate such as spoofing sender addresses. Scanning emails for potential indicators of phishing can help to detect and block these attacks.
- Employee Cyber Awareness Training: Phishing emails are designed to trick users into taking actions that hurt them or their organization. Training employees on the warning signs of phishing emails and how to properly respond to them is essential to managing the spear phishing threat.
- Malicious URL Detection: Spear phishing emails commonly contain malicious URLs designed to direct recipients to pages that steal login credentials or install malware. Organizations should deploy email security solutions that identify and block emails containing links to known-bad URLs.
- Relationship Monitoring: Spear phishing emails commonly break normal patterns of communication between people within an organization. By developing a relationship graph and identifying anomalous messages, an anti-phishing solution can flag emails that are likely to be spear-phishing attacks.
- Sandboxed Attachment Analysis: Phishing emails often have malicious attachments designed to look like legitimate files (such as invoices). Automatically inspecting these files within a sandboxed environment allows malicious files to be detected and scrubbed from emails before they reach a recipient’s inbox.
- Use MFA When Possible: Phishing attacks are often designed to steal a user’s login credentials for corporate systems or other login accounts. By enforcing the use of multi-factor authentication (MFA) wherever it is available and implementing it for corporate resources, an organization can limit the value of compromised credentials and the risk that they pose to the business.
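The list above describes three automated checks in prose: scanning sender headers for spoofing, matching links against known-bad URLs, and relationship monitoring that flags messages outside normal communication patterns. The following is an added illustration of how those checks can be combined into a simple mail-triage pass; it is example code written for this page, not Check Point or Avanan code, and the internal domains, known-sender list, block list, relationship graph and the two sample messages are all constructed for the example.

```python
"""Toy spear-phishing triage over constructed sample messages (added example,
not vendor code). Three checks from the list above are implemented:
  1. sender scanning: a known display name on an unexpected address, or a
     Reply-To whose domain differs from the From domain;
  2. malicious URL detection against a (constructed) block list of hosts;
  3. relationship monitoring: an external sender writing to a recipient
     they have never corresponded with before.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# All data below is constructed for this example. A real deployment would
# populate these from the directory, threat-intel feeds and mail logs.
INTERNAL_DOMAINS = {"example-corp.test"}
# Display names attackers commonly impersonate -> the only legitimate address.
KNOWN_SENDERS = {"jane doe": "ceo@example-corp.test"}
KNOWN_BAD_HOSTS = {"invoice-portal-login.test"}
# (sender, recipient) pairs seen in prior legitimate mail: the relationship graph.
RELATIONSHIP_GRAPH = {
    ("ap@supplier.test", "accounts@example-corp.test"),
    ("ceo@example-corp.test", "cfo@example-corp.test"),
}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def domain_of(addr):
    """Lower-cased domain part of an e-mail address ('' if malformed)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_sender(msg):
    """Findings about spoofed or mismatched sender headers."""
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected and expected != from_addr.lower():
        findings.append(f"display name '{display}' used by unexpected address {from_addr}")
    if reply_to and domain_of(reply_to) != domain_of(from_addr):
        findings.append(f"Reply-To {reply_to} diverges from From {from_addr}")
    return findings


def check_urls(body):
    """Findings for any link whose host is on the block list."""
    findings = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in KNOWN_BAD_HOSTS:
            findings.append(f"link to known-bad host {host}")
    return findings


def check_relationship(msg):
    """Flag external senders with no prior correspondence to this recipient."""
    _, from_addr = parseaddr(msg.get("From", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    pair = (from_addr.lower(), to_addr.lower())
    if domain_of(from_addr) in INTERNAL_DOMAINS or pair in RELATIONSHIP_GRAPH:
        return []
    return [f"no prior correspondence between {pair[0]} and {pair[1]}"]


def triage(raw_message):
    """Run all checks and return a verdict plus the supporting findings."""
    msg = message_from_string(raw_message)
    findings = (check_sender(msg)
                + check_urls(msg.get_payload())
                + check_relationship(msg))
    if any("known-bad" in f for f in findings) or len(findings) >= 2:
        verdict = "quarantine"
    elif findings:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "findings": findings}


# Constructed sample messages: one routine supplier mail, one BEC-style lure.
BENIGN = """From: Accounts Payable <ap@supplier.test>
To: accounts@example-corp.test
Subject: Invoice 4471

Hi, please find this month's invoice attached. Regards, AP team.
"""

SPEAR_PHISH = """From: Jane Doe <jane.doe@webmail.test>
Reply-To: jane.doe.ceo@mailbox-relay.test
To: cfo@example-corp.test
Subject: Urgent wire for new supplier

Please settle today via http://invoice-portal-login.test/pay?id=4471 before
the board call. Jane
"""

if __name__ == "__main__":
    for name, raw in (("benign", BENIGN), ("spear_phish", SPEAR_PHISH)):
        result = triage(raw)
        print(name, "->", result["verdict"])
        for finding in result["findings"]:
            print("   ", finding)
```

The benign supplier invoice produces no findings and is delivered; the lure trips all four checks (impersonated display name, diverging Reply-To, block-listed link, first-ever contact with the CFO) and is quarantined. In production each check would be one signal among many, with the relationship graph learned from mail history rather than hard-coded, but the structure of combining header, URL and relationship evidence into one verdict is the same.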
Spear Phishing Protection with Check Point
Phishing attacks are a major threat to corporate cybersecurity, enabling cybercriminals to steal users’ credentials, plant malware on corporate systems, and steal money from companies. Spear phishing campaigns are a more targeted and sophisticated version of this, making phishing emails seem more realistic and harder to detect and block.
The authenticity of spear-phishing emails makes them difficult for employees to identify, and cybersecurity awareness training alone is an inadequate anti-phishing strategy. Training efforts must be backed with anti-phishing solutions that identify and block attempted spear phishing attacks before they reach an employee’s inbox, where a single thoughtless click on a link or opened malicious attachment can compromise the company.
Check Point, along with Avanan, provides robust protection for companies against a range of phishing threats. To learn more about how Check Point and Avanan’s Harmony Email and Office uses state-of-the-art techniques to identify and block spear phishing campaigns, you’re welcome to sign up for a free demo.