Spear Phishing: Reeling in the Big Corporate Catch
Posted by: GuidePoint Security
Published 10/25/2021, 9:00am
Malware and ransomware may involve some fancy (albeit malicious) code, but for the vast majority of cybercriminals, phishing remains the most common attack type, according to recent FBI research.
In particular, spear phishing (a type of targeted and focused phishing attack) continues to wreak havoc with businesses. In GuidePoint Security’s new white paper, we take a deep dive into the threat known as spear phishing to help businesses better understand how spear phishing works and what can be done to defend against it. Here are some key highlights:
Four Key Spear Phishing Attack Types
There are four primary spear phishing attack types:
1. Credential Harvesting—Credential harvesting involves socially-engineered emails that pretend to be from a legitimate organization (e.g., an HR system, email system, or financial entity) and request credentials—either in the email or through a link.
2. Malicious Link Compromise—Malicious link compromise is related to credential harvesting. In this type of spear-phishing attack, threat actors create malicious URLs with the intent of convincing the victim to provide sensitive information, such as credentials. Malicious URLs are also used in phishing and spear phishing attacks to promote scams or deliver malware.
3. Malicious Attachment Compromise—This technique involves sending the intended victim an email containing an attachment with malicious code embedded in it. When the attachment is opened, the code executes and delivers the payload.
4. Business Email Compromise (BEC)—This approach involves spoofing the email address of a high-profile person (usually an executive) and then using the spoofed email address to send a fake email to someone else in the company. The fake email usually requests a wire transfer of a large sum of money or sensitive employee information, such as social security numbers and birth dates.
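The four types above each leave a recognizable trace in the message itself: a display name that matches an executive while the address is external (BEC), a sender or link domain that merely looks like the company's (credential harvesting and malicious links), anchor text that names one host while the href points to another, and macro-enabled or executable attachments. The script below is an added illustration, not code from the white paper or from GuidePoint, that runs those defender-side checks over two constructed sample emails; `example.com` as the defended organization's domain, the executive list and the lookalike character substitutions are all assumptions.

```python
"""Added example: mail-gateway style heuristics for the spear phishing
types listed above (not GuidePoint's code; all data is constructed)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed reference data: executives whose names BEC lures impersonate, and
# the domains the organization legitimately sends mail from.
EXECUTIVES = {"jane doe"}
INTERNAL_DOMAINS = {"example.com"}

# Substitutions typical of lookalike domains (assumed, not exhaustive).
_LOOKALIKE_SUBS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))
_RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".hta", ".lnk", ".iso", ".docm", ".xlsm")
_URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/?#]\S*)?$", re.I)


def normalize_domain(domain):
    """Fold common look-alike characters so 'examp1e.com' compares as 'example.com'."""
    d = domain.lower()
    for src, dst in _LOOKALIKE_SUBS:
        d = d.replace(src, dst)
    return d


def is_lookalike(domain):
    """True when the domain is not ours but normalizes to one of ours."""
    d = domain.lower()
    return d not in INTERNAL_DOMAINS and normalize_domain(d) in INTERNAL_DOMAINS


def sender_domain(addr):
    return addr.rpartition("@")[2].lower()


def _host_in_text(text):
    """Return the host named by anchor text if that text looks like a URL/domain."""
    m = _URLISH.match(text.strip())
    return m.group(1).lower() if m else None


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html):
    """Links whose visible text names one host while the href points elsewhere."""
    p = _LinkCollector()
    p.feed(html)
    out = []
    for href, text in p.links:
        shown, real = _host_in_text(text), urlparse(href).hostname
        if shown and real and shown != real.lower():
            out.append((text, href))
    return out


def analyze(raw):
    """Return the list of heuristic findings for one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    dom = sender_domain(addr)
    if name.strip().lower() in EXECUTIVES and dom not in INTERNAL_DOMAINS:
        findings.append("bec_display_name_spoof")      # BEC: executive name, external address
    if is_lookalike(dom):
        findings.append("lookalike_sender_domain")     # credential harvesting via imposter domain
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and sender_domain(reply) != dom:
        findings.append("reply_to_mismatch")           # replies diverted to the attacker
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None and mismatched_links(body.get_content()):
        findings.append("link_text_href_mismatch")     # malicious link hidden behind trusted text
    for part in msg.iter_attachments():
        fn = (part.get_filename() or "").lower()
        if fn.endswith(_RISKY_EXTENSIONS):
            findings.append("risky_attachment:" + fn)  # malicious attachment type
    return findings


# Constructed sample 1: BEC lure from a lookalike domain with a disguised link.
SAMPLE_BEC = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: ceo-office@mail-relay.example.net
To: accounts@example.com
Subject: Urgent wire transfer
Content-Type: text/html; charset=utf-8

<p>Please process today. Confirm at <a href="http://login.examp1e.com/">https://hr.example.com/login</a></p>
"""

# Constructed sample 2: HR-themed lure carrying a macro-enabled document.
SAMPLE_ATTACHMENT = """From: HR Portal <noreply@hr-benefits-update.example.net>
To: staff@example.com
Subject: Updated benefits form
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Please open the attached form and enable editing.
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12
Content-Disposition: attachment; filename="benefits_form.docm"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

if __name__ == "__main__":
    for label, sample in (("bec", SAMPLE_BEC), ("attachment", SAMPLE_ATTACHMENT)):
        print(label, analyze(sample))
```

Each finding maps back to one of the four attack types, so a gateway or SOAR rule can route the message (quarantine, banner, or analyst review) by finding rather than by a single opaque score; the lookalike normalization is deliberately simple and should be paired with a curated list of registered typo-domains in production.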
The Phases of a Spear Phishing Attack
A spear phishing attack usually follows four key phases:
- A pre-attack phase in which the malicious actor selects the target organization, followed by information gathering on its employees and executives, often through public social media sites like LinkedIn or Facebook.
- An initial attack phase involving imposter email creation, the development of malicious links and attachments, and the distribution of the emails.
- In the user action phase, the victim fails to recognize that the spear phishing email is fake and initiates the malicious action intended by the threat actor.
- In the post-attack phase, the threat actor leverages the information collected for further attacks or compromise.
Spear phishing attacks can be challenging to defend against as cybercriminals become better at social engineering. Download the new white paper to learn more about these attack types and phases and what businesses can do to help prevent and mitigate spear phishing attacks.