Spear phishing is a type of phishing attack that targets people through malicious emails. Unlike regular phishing emails, which tend to be less sophisticated and cast a broad net, it is aimed at a specific person. It typically targets high-net-worth individuals, companies, and organizations, where a group of hackers constantly attempts to gain access to their networks and important information.
Hackers really don’t have anything better to do; it’s what they do all day long. They sit around and think of ways to get people’s data. Their goal is to steal sensitive details such as login credentials or bank account information, and when they have already singled out a specific person or company, that is what is defined as spear phishing. If a company is large and has lots of employees, it’s very likely that they’ll eventually phish someone successfully and gain additional intel. It is more likely still if the company does not have training to combat this worldwide problem.
Nearly $7 Billion was lost because of internet crime and hackers, which is up more than 60% from 2020.
According to IBM’s 2022 Cost of Data Breach Report, the use of stolen or compromised credentials remains the most common cause of data breaches. They were the primary attack vector in 19% of breaches this year – a tiny drop from 20% in 2021.
Phishing Becomes Costliest Breach Cause – While compromised credentials continued to reign as the most common cause of a breach (19%), phishing was the second (16%) and the costliest cause, leading to $4.91 million in average breach costs for responding organizations.
Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation’s cybersecurity, only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report.
I can give you one example where Covert Results was targeted as a business through Facebook. Upon first look at the email, it seemed very real and it even had a 10-digit Facebook report number in the header.
Subject: Facebook For Business (Confirm Your Account)
“Hi! We detected an unusual payment on your business account, your account will be disabled and the ads will be stopped until you click on the link and provide updated payment information” it stated simply.
Most businesses utilize Facebook and Instagram so if you’re running ads on these platforms then you are paying Meta to do so. Therefore, you probably have a payment method linked to your Meta account to run the ads.
The hackers tried to get Covert Results to click the link and enter updated banking information, which they would then have obtained. What gave it away was the sender’s email address: it came from an Outlook account, with no direct ties to Facebook or Meta. It was obviously a phishing email, and it could well have been spear phishing in which our business was specifically targeted. With that said, Covert Results saved the email address used by the hacker for future training and promptly deleted the email.
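The check that exposed this email (Facebook branding, an Outlook sender, urgent wording) can be written as a small Python triage function. This is an added example, not Covert Results' own code; the domain lists, the phrase list, the name `vet_email` and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: sending domains you have verified per brand; maintain your own list.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "facebookmail.com", "meta.com"},
    "meta": {"facebook.com", "facebookmail.com", "meta.com"},
}
FREE_MAIL = {"outlook.com", "hotmail.com", "gmail.com", "yahoo.com"}
URGENCY = ("will be disabled", "will be stopped", "unusual payment", "confirm your account")

# Constructed sample messages (the sender addresses are placeholders).
PHISH = ('From: "Facebook For Business" <sender@outlook.com>\n'
         "Subject: Facebook For Business (Confirm Your Account)\n\n"
         "Hi! We detected an unusual payment on your business account, "
         "your account will be disabled until you click on the link.\n")
LEGIT = ("From: Facebook <notification@facebookmail.com>\n"
         "Subject: Your weekly Page summary\n\n"
         "Here is how your Page performed this week.\n")

def _under(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def vet_email(raw):
    """Return warning tags for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    text = " ".join([display, str(msg.get("Subject", "")), body]).lower()
    findings = []
    # A brand named in the display name, subject or body must match the sender domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", text) and not _under(domain, allowed):
            findings.append(f"brand_mismatch:{brand}")
    if domain in FREE_MAIL:
        findings.append("freemail_sender")
    if any(phrase in text for phrase in URGENCY):
        findings.append("urgency_language")
    return findings

if __name__ == "__main__":
    print(vet_email(PHISH), vet_email(LEGIT))
```

A clean result is not proof of legitimacy, because the From header can be forged; SPF, DKIM and DMARC results are the stronger signal when they are available.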
Tips on How To Prevent Spear Phishing:
- Spend time vetting an email.
- Beware of unsolicited emails, especially those that call for urgency.
- Verify the email through a phone call or a face-to-face conversation.
- Learn to recognize tactics that hackers use for spear phishing emails.
- Refrain from clicking links or downloading any attachments in emails from an unknown person and unrecognized email addresses.
- Simply delete unknown and unrecognized emails.
- Always update and change your passwords.
- Look into using a VPN.
- Subscribe to any additional cyber security protection.
- Contact Covert Results for information on How To Prevent Spear Phishing through our VyprNest technology.
These are just some extra tips to prevent spear phishing, but they are not 100% foolproof. 74% of targeted attack attempts use email as an attack method. On average, over 100 billion emails are sent and received daily. We need to practice heightening our common sense. Before you click on something, especially anything asking for your personal information, always make sure it is legitimate.
Covert Results is the premier private investigations, armed security, cyber security, and training company you’ve been searching for. Our team of highly skilled experts has amassed over 100 years of experience in all fields, from investigations to security concerns. Being a member and working within a global network called The Entrepreneurs Organization allows us to provide excellent service anywhere on Earth – truly bringing peace of mind through our world class services! Be sure to follow @CovertResults across Facebook, Instagram, and LinkedIn for the latest information regarding investigator expertise as well as lighthearted moments shared by our community! If you need us to guide you to that peace of mind you are looking for, call or text 615-861-1680 or email contact@covertresults.com.