Definitions

What is Spear Phishing?

What is Spear Phishing?

Spear phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data. Unlike phishing scams, which cast broad, scatter-shot attacks, spear phishing hones in on a specific group or organization. The intent is to steal intellectual property, financial data, trade or military secrets and other confidential data.

This is how it works: An email arrives, apparently from a trustworthy source, but instead it leads the unknowing recipient to a bogus website full of malware. These emails often use clever tactics to get victims' attention. For example, the FBI has warned of spear phishing scams where the emails appeared to be from the National Center for Missing and Exploited Children.

Many times, government-sponsored hackers and hacktivists are behind these attacks. Cybercriminals do the same with the intention to resell confidential data to governments and private companies. These cybercriminals employ individually designed approaches and social engineering techniques to effectively personalize messages and websites. As a result, even high-ranking targets within organizations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cybercriminals to steal the data they need in order to attack their networks.

How to Stop It

Traditional security often doesn't stop these attacks because they are so cleverly customized. As a result, they're becoming more difficult to detect. One employee mistake can have serious consequences for businesses, governments and even nonprofit organizations. With stolen data, fraudsters can reveal commercially sensitive information, manipulate stock prices or commit various acts of espionage. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial of service attacks.

To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inbox. Besides education, technology that focuses on email security is necessary.


Other articles and links related to Definitions



© 1997 – 2014 Kaspersky Lab ZAO

All Rights Reserved. Industry-leading Antivirus Software