Today, Spear Phishing has become one of the most popular forms of attack.
You may be familiar with phishing attacks. These are emails sent by cyber criminals to millions of potential victims around the world designed to fool, trick or attack them. Usually, these messages appear to come from a trusted source, such as your bank or someone you may know. The emails often have an urgent message or a deal for you that is simply too good to pass up. If you click on the link in a phishing email you may be .taken to a malicious website that attempts to hack into your computer or harvest your username and password Or perhaps the phishing email may have an infected attachment. If you open the attachment it attempts to infect and take control of your computer. Cyber criminals send these emails to as many people as possible, knowing .the more people that receive the email, the more people will likely fall victim While phishing is effective, a relatively new type of attack has developed called spear phishing.
The Spear Phishing concept is the same whereby cyber attackers send emails to their victim, pretending to be an organization or a person the victim trusts. However, unlike traditional phishing emails, spear phishing messages are highly targeted. Instead of sending an email to millions of potential victims, cyber attackers send spear phishing messages to a very few select individuals, perhaps five or ten targeted people. Unlike general phishing, with spear phishing the cyber attackers research their intended targets, such as reading the intended victim’s LinkedIn or Facebook accounts or any messages they posted to public blogs or forums.
Based on this research, the attackers then create a highly customized email that appears relevant to the intended targets. This way, the individuals are far more .likely to fall victim to the attack Effectiveness of Spear Phishing Spear phishing is used when the cyber attacker wants to specifically attack you or your organization. Instead of simple criminals out to steal money, attackers who use spear phishing have very specific goals, usually
This module is where employees learn to spot bait and traps commonly found in phishing, and more importantly, Spear Phishing emails and attacks. We offer two styles of education on this subject, an interactive training module and a character-driven training game. Both present examples of phishing emails and ask users to identify potential traps.