Spear Phishing E-Mails: my email was hacked!
Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear-phishing attempts are not typically initiated by random hackers, but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
No, your email was not hacked. You are a target of a spear phishing attack. If you and your team are well trained and aware of this, there is nothing to worry about.
This is how it works: you receive an email from your boss or a high-ranking person in your company asking you to prepare a wire-transfer, or to purchase 100 Apple Music Gift Cards. The email looks legitimate, his signature is on the email, sometimes with your company logo. It looks legitimate but your Spidey senses go up and your reply asking him/her to confirm. They replay saying “Yes, and do it now!” Only it is a spear phishing attack!
Cybercriminals using spear phishing will research their targets: going to the company website to find out who is in charge and who oversees the money (Accounting, Finance Dept., etc.) They will go to Linked-In to get your logo, find out titles, co-workers, email formats, etc. Once they have a good idea of your company, mostly from free and open to the public sources, they will craft a bogus email, usually from an open email provider like gmail or yahoo, or from a hacked domain like chileflowers.com.cl, and send the email. They will disguise the sender’s email with the boss’ name, knowing that the majority of people do not check the actual email or have a setting on their webmail to only show the name of the sender.
Many times, government-sponsored hackers and hacktivists are behind these attacks. Cybercriminals do the same with the intention to resell confidential data to governments and private companies, or just for immediate financial gain. These cybercriminals employ individually designed approaches and social engineering techniques to effectively personalize messages and websites. As a result, even high-ranking targets within organizations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cybercriminals to steal the data they need in order to attack their networks.
Phishing vs. Spear phishing vs. Whaling
This familiarity is what sets spear phishing apart from regular phishing attacks. Phishing emails are typically sent by a known contact or organization. These include a malicious link or attachment that installs malware on the target’s device, or directs the target to a malicious website that is set up to trick them into giving sensitive information like passwords, account information or credit card information.
Spearphishing has the same goal as normal phishing, but the attacker first gathers information about the intended target. This information is used to personalize the spear-phishing attack. Instead of sending the phishing emails to a large group of people, the attacker targets a select group or an individual. By limiting the targets, it’s easier to include personal information — like the target’s first name or job title — and make the malicious emails seem more trustworthy.
The same personalized technique is used in whaling attacks, as well. A whaling attack is a spear-phishing attack directed specifically at high-profile targets like C-level executives, politicians and celebrities. Whaling attacks are also customized to the target and use the same social-engineering, email-spoofing and content-spoofing methods to access sensitive data.
What you can do
All the technology in the world is not a substitute for the human brain. If it looks suspicious, it probably is. If you get a spear phishing email, pick up the phone and call your boss asking to confirm the unusual request. Check the actual email address that sent it to you. Is it the correct one boss@myfirm.com or is it a random domain like yourbossname@gmail.com ?
Finally, there are some technology solutions that can help. Setting up DMARC records in your DNS to verify that the sender’s email server is indeed who they say they are, setting up rules to identify in the email message subject that it came from an outside organization instead of your internal domain, and others. Contact SkyViewTek today for more information. Call 610-590-5006 or email support@skyviewtek.com or click here.