Triskele Labs Blog

Spear phishing - the truth behind email scams

Written by Nick Morgan | Sep 10, 2019 10:55:00 AM

Email scams are something many of us are familiar with. Indeed, if you own a working email address and happen to take a quick look at your spam folder or even your inbox, from time to time, you will find blatantly obvious emails promising you millions of dollars if you follow through on a seemingly harmless action.

Thanks to even a limited understanding of cybersecurity, we see these for what they are. Did you know, though, that there’s an entirely different breed of these emails that come in the form of spear phishing?

Spear phishing is where an email or any form of electronic communication is used to carry out a scam targeted at a particular individual, organisation or business. While the purpose of carrying out these types of attacks may vary, the primary motive is to either steal data or install malware on a target’s PC.

Continue reading our post to find out everything you need to know about spear phishing.

WHAT DOES SPEAR PHISHING LOOK LIKE?

These types of emails generally appear to come from a trusted source or even from someone you know.

These emails will either trick you into handing over sensitive information, such as login details or credit card numbers, or lead you to a seemingly harmless website that, in reality, hosts malware.

These emails can even appear to come from someone inside your own company. If you receive an electronic message asking you to divulge confidential information, therefore, first check with the sender through another form of communication that they actually sent the email in question and why they need this information.

WHO IS BEHIND THESE ATTACKS?

Apart from your average, run-of-the-mill cyberterrorists, hacktivists and government-sponsored individuals are also behind these types of attacks.

Through the use of social engineering techniques, that is, the psychological manipulation of individuals to compel them to perform certain actions, electronic messages are personalised and highly targeted at the intended victim.

These messages are crafted so well that the attacks often succeed, and there have been many prominent cases of spear phishing. In fact, Austrian aerospace executive Walter Stephan lost around $47 million during his tenure as CEO of FACC, an aerospace and defence company that manufactures aircraft components for Boeing and Airbus.

A cybercriminal merely guessed Stephan's email address, created a convincing look-alike email and then targeted a junior accountant in the company. The email asked the accountant to transfer this sum of money to an unknown bank account as part of an acquisition project.

To this day, it is believed that the company has only retrieved around one-fifth of the loss. Stephan was fired from his position as CEO as a result of the scam.
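The FACC case above turned on a guessed address and a convincing look-alike sender. As an added example that is not part of the original post, the Python below shows three checks a mail gateway rule or analyst script can run on an incoming message before anyone acts on it: a sender domain within a couple of characters of the organisation's real domain, an executive's display name on an address that is not their known one, and a Reply-To that points somewhere other than the From domain. The organisation domain, the executive name and the sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values: the organisation's real mail domain and the executives
# (hypothetical names) whose identities a spear-phishing email is likely to borrow.
ORG_DOMAIN = "example-aero.com"
KNOWN_EXECUTIVES = {"jane doe": "jane.doe@example-aero.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance from ORG_DOMAIN marks a look-alike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_checks(raw_message: str) -> list:
    """Return the reasons the sender looks impersonated (empty list means no finding)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []
    if domain and domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append(f"look-alike sender domain: {domain}")
    known = KNOWN_EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:
        findings.append(f"display name '{name}' does not match known address {known}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rsplit("@", 1)[-1] != domain:
        findings.append(f"Reply-To domain differs from From domain: {reply_to}")
    return findings

# Constructed sample: one letter dropped from the real domain, the CEO's display
# name on that foreign address, and a Reply-To pointing to a webmail domain.
SAMPLE = """\
From: Jane Doe <jane.doe@exampl-aero.com>
Reply-To: jane.doe@webmail-example.net
To: accounts@example-aero.com
Subject: Urgent transfer for acquisition project

Please arrange the transfer today and keep this confidential.
"""

if __name__ == "__main__":
    for finding in sender_checks(SAMPLE):
        print("FLAG:", finding)
```

A message that raises any of these flags is exactly the kind the post says should be confirmed with the apparent sender over a separate channel before any transfer is made.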

WHAT CAN YOU DO TO PROTECT YOUR BUSINESS AGAINST THESE EMAIL SCAMS?

If you’re keen on avoiding a similar fate, there are a few things you can do at the corporate level to ensure that neither you nor your employees fall for spear phishing.

  • Confirm suspicious electronic messaging

Employees must be advised to check with senior managers or other colleagues about any suspicious emails before they follow through on any requested action. While this may create some delays, it’s far better to be safe rather than sorry.

  • Keep systems up to date with the latest security patches

Each employee must check their OS, whether Windows, macOS, Linux or another system, for the latest security patches to ensure that their machines are not an easy target for malware or any other type of cyber attack.

  • Encrypt sensitive information

Encryption is essential to protect confidential data from prying eyes. Even if cybercriminals get their hands on this information, encryption limits what they can do with it and what they can actually read.

Make sure you choose a powerful encrypting tool that stays up-to-date with the latest encryption standards.

  • Use multi-factor authentication (MFA)

Another way to ensure that your company does not fall prey to spear phishing is to implement MFA, especially for email access and for file or information transfer. While this can’t completely insulate you from risk, it goes a long way towards ensuring that the electronic communications you receive really come from the right people, because a stolen password alone is no longer enough to use an account.

Make sure your MFA relies on one-time passcodes (OTPs) or PIN codes rather than surface-level security questions.

  • Educate employees

Education is ultimately the best remedy against these types of email scams because once your employees know what to be on guard against, it becomes difficult for cybercriminals to infiltrate your business or bank accounts.

BE ON GUARD AGAINST SPEAR PHISHING WITH TOP-NOTCH CYBERSECURITY SUPPORT

At Triskele Labs, our business revolves around protecting companies from these types of threats. With our Australian-based SOC, we carry out threat detection, incident response and other services that protect you from the ever-present threat of email scams.

Contact us today to find out how we can help you prevent spear phishing.