Advanced Phishing Lessons – How to Identify Spear Phishing

In today’s article, I’m going to talk about a rather uncommon type of phishing attack called spear phishing. What’s that, you ask? Well, long story short, it’s when a hacker uses email spoofing to target a specific individual. Got your attention? Good. Check out this short and sweet guide on spear phishing and how to protect yourself against such an attempt.

So, what do they do? Hunt you with a harpoon?

Not quite, but you’re close. Aaron Ferguson, an NSA agent and a teacher at the West Point Academy, said that the emails used in spear phishing look like they’ve been delivered by big companies like PayPal, Netflix, Google, Amazon, Apple, or Spotify.

However, they may also take the form of more official emails (e.g., your boss emailing you to ask for your account’s username and password because the project you were working on must be delivered in a couple of hours). You can’t say no to that, can you? To make things even more real, the hackers will also use your superior’s email signature.

You can very well guess that those credentials will never reach your manager.
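The boss-impersonation email described above leaves traces that a reader or a mail filter can check. This added example (not from the original article) parses a constructed message with Python's standard library and flags a sender domain that is not the company's, a Reply-To that diverts answers, SPF/DKIM/DMARC results that are not "pass", and links whose visible text and real target differ. The domains, the sample headers and the `spoofing_signals` name are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); all names and domains are made up.
SAMPLE = """\
From: "Jane Boss" <jane.boss@examp1e-corp.test>
Reply-To: jane.boss.urgent@mailbox.test
Subject: Need your login before the deadline
Authentication-Results: mx.example-corp.test; spf=fail; dkim=none; dmarc=fail
Content-Type: text/html

<p>Send me your username and password, or sign in at
<a href="http://login.mailbox.test/reset">https://portal.example-corp.test</a></p>
"""

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def host_of(url):
    # Host part of a URL, with or without a scheme in front of it.
    m = re.match(r"(?:https?://)?([^/\s:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""

def spoofing_signals(raw, trusted_domain):
    """Return a list of human-readable warnings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    # 1. The display name can say anything; only the address domain counts.
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    if from_dom != trusted_domain:
        findings.append(f"From domain {from_dom} is not {trusted_domain}")
    # 2. A different Reply-To sends your answer somewhere else.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append(f"Reply-To goes to {domain_of(reply_to)}")
    # 3. Results recorded by the receiving mail server.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            findings.append(f"no {check} pass recorded")
    # 4. Link text that names one host while the href points to another.
    links = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                       msg.get_payload(), re.I | re.S)
    for href, text in links:
        if "." in text and host_of(text) != host_of(href):
            findings.append(f"link shows {host_of(text)} but opens {host_of(href)}")
    return findings

if __name__ == "__main__":
    print("\n".join(spoofing_signals(SAMPLE, "example-corp.test")))
```
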

Why is spear phishing that successful? Long before the attack, the hacker will try to collect ‘intel’ on his victim (i.e., name, address, position, phone number, work emails). When he has enough info, he will send a cleverly penned email to the victim.

To see just how effective spear phishing is, Ferguson set out to email 500 of his students. The emails looked like they came from Colonel Robert Melville. The emails, which were spoofed, contained links to an exam result page. If a student clicked on a link, they would have received a follow-up message reading

During this time, your computer could have been infected with trojans, viruses, or ransomware.

Wrap-up

So, what is spear phishing? It’s a type of phishing attempt that is directed at a specific target. It doesn’t need to be fancy or refined, because the result is basically the same. How do you protect yourself against spear phishing? Don’t click on any in-mail links. It doesn’t matter if the email is from your boss or the CEO of Netflix. What’s your take on spear phishing? Hit the comments section and let me know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.
