Spear phishing attacks continue to increase in popularity among cybercriminals, and businesses must take steps to protect against them or risk seeing sensitive information stolen, according to a Tuesday report from Barracuda.
These highly personalized email attacks involve a hacker researching their target and creating a message often designed to impersonate a trusted colleague or business to steal sensitive information, which is then used to commit crimes like fraud and identity theft, the report noted.
Spear phishing attacks are particularly dangerous because they are designed to get around traditional email security like spam filters, the report found. They typically do not include malicious links or attachments, but instead use spoofing techniques and zero-day links that, combined with social engineering tactics, are unlikely to be blocked. (Read about the most clicked phishing email subject lines.)
SEE: Incident response policy (Tech Pro Research)
Of the 360,000 spear phishing email attacks examined by the report over a three-month period, the most common type of attack by far was brand impersonation (83%). Brand impersonation attacks attempt to impersonate a well-known company to gain a target’s credentials and take over their account. These attacks have also been used to steal personally identifiable information like credit card and Social Security numbers. Microsoft and Apple are the most commonly impersonated brands used in these attacks, the report found.
Business email compromise (BEC)–also known as CEO fraud–is the second most common spear phishing attack type (11%), the report found. Cybercriminals use these attacks to imperseonate an executive and request a wire transfer or personally identifiable information from finance department employees or others. While BEC attacks make up a relatively small percentage of the total, they have caused more than $12.5 billion in losses since 2013, according to FBI statistics cited in the report.
Finally, 6% of spear phishing attacks are blackmail scams, in which hackers claim to have compromising information about their target and threaten to share it unless they pay a fee.
Best practices to avoid spear phishing
Avoiding spear phishing attacks means deploying a combination of technology and user security training. Here are eight best practices businesses should consider to protect against these attacks, according to the report.
SEE: Security awareness and training policy (Tech Pro Research)
1. Take advantage of artificial intelligence (AI)
Find a solution that detects and blocks spear phishing attacks including BEC and brand impersonation that may not include malicious links or attachments. Machine learning tools can analyze communication patterns in an organization and spot any anomalies that may be signs of an attack.
2. Don’t rely solely on traditional security
Traditional email security that uses blacklists for spear phishing and brand impersonation detect may not protect against zero-day links found in many attacks.
3. Deploy account-takeover protection
Find tools that use AI to recognize when accounts may have been compromised, to avoid more spear phishing attacks from originating from those accounts.
4. Implement DMARC authentication and reporting
DMARC authentication can help prevent domain spoofing and brand hijacking, which are common techniques used in impersonation attacks.
5. Use multi-factor authentication
Multi-factor authentication adds another layer of security over a simple username and password, and is an effect security measure.
6. Train staffers to recognize and report attacks
Identifying and reporting spear phishing attacks should be part of any security awareness training. Businesses can use phishing simulations for emails, voicemails, and text messages to train users to identify them as well. Businesses should also have procedures in place to confirm any monetary requests that come via email.
7. Conduct proactive investigations
Because spear phishing attacks are so personalized, employees may not always recognize or report them. Companies should conduct regular searches to detect emails with content known to be common among hackers, including subject lines related to password changes.
8. Maximize data-loss prevention
Combine technology solutions and business policies to ensure emails with confidential or sensitive information are blocked and do not leave the company.