Are your employees on the lookout for spear phishing emails? Could they spot and prevent one if an attempt is made?
91% of targeted attacks involve spear phishing emails. (Trend Micro)
We're unfortunately seeing an increase in clients falling prey to a common phishing technique called spear phishing. Unlike the wide net cast by other common phishing attempts, spear phishing is directed at specific individuals or companies.
The latest twist on phishing is spear phishing. No, it's not a sport, it's a scam and you're the target. Spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. (Norton)
A spear phishing attack is typically in the form of an email designed to look like it's from a colleague or boss. Attackers often also gather personal information about their target to increase their probability of success. The email will then ask for sensitive information or convince the recipient to perform a harmful task like transferring funds to what looks like a legitimate account.
Spear phishing is effective: despite deploying traditional security solutions, 84% of respondents experienced spear phishing attacks that penetrated their security solutions. It’s also costly: Of those experiencing attacks over the last 12 months, 81% suffered some negative impact as a result, with an average financial cost of $1.6 million—and some losses in the tens of millions of dollars. (Infosecurity Magazine)
How to Prevent a Spear Phishing Attack
Having an email security solution is place is critical ( - we can help with that!), but the main prevention method is still end user education. These emails look very legitimate and typically have a small typo in the domain name of the sender which is hardly noticeable to the eye. If you see anything that looks suspicious, like requests for sensitive information, passwords, to move money, etc., call the source (don't reply to the email) to verify the email is legitimate. This article from Norton has more important tips to identify and avoid spear phishing email scams. Better safe than sorry!
Check out this infographic for more stats on the prevalence and danger of spear phishing attacks: