What Is Spear Phishing?
Spear phishing is a targeted form of phishing: a type of online fraud in which an attacker gains access to the confidential data of a particular user. Unlike classical phishing, here the hacker impersonates your acquaintance or a person whom you fully trust.
Such attacks allow the hacker not only to take possession of a particular user's confidential data, but also to gain access to financial records, to disclose information that falls under trade secrets, and the like.
The attack is carried out through an ordinary e-mail that appears to come from a person the victim knows. In reality it was written by an outsider and contains instructions to perform a certain action or to hand over specific information.
The realization that you have been the victim of such an attack does not come immediately. Only after suspicious financial transactions or sudden damage are discovered does a person understand that the recently opened letter did not merely seem suspicious, but was.
Spear Phishing Protection: Security Testing
The following technical protection methods exist:
- Checking for spam messages. This functionality must be present on the mail server, for example for incoming letters. It is also useful if you are testing an online store, specifically the logic that processes a text order submitted through special forms. Some of the currently known phishing emails can be identified by their content. You have to be careful, since such emails may at first glance look like a perfectly normal client message, so false positives of the validator cannot be avoided entirely.
- Testing the sender addresses of letters. The real sender and the one indicated in the email header may not match. It is also worth checking carefully that the company domain is spelled correctly, because replacing even one character with a look-alike (the Cyrillic letter "с" in place of the Latin "c", for example) is enough to enable a hacker attack.
- Testing attachments in emails (performed in so-called sandboxes). Before the addressee receives an incoming letter with an attachment, the attachment should be carefully checked with antivirus software or run in a sandbox.
- Checking the logic that blocks emails containing suspicious links or strange attachments. Such protection not only filters out letters with suspicious content but is also key to successfully countering potentially large-scale vectors of hacker attacks.
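As an added illustration of the sender-address checks above (this code is not from the original article), the following Python script parses a constructed message and flags both an envelope/header domain mismatch and a look-alike domain built with a Cyrillic "с"; the short confusable table and the trusted domain `example.com` are assumptions made for the example.

```python
import email
import unicodedata
from email.utils import parseaddr

# A few Cyrillic letters that render like Latin ones (deliberately short list for
# this example; real confusable tables are much larger).
CONFUSABLES = {"\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p"}

# Constructed sample: the From domain uses Cyrillic "с" (U+0441) instead of the
# Latin "c" of example.com, and the envelope sender is a different domain.
SAMPLE_RAW = (
    "Return-Path: <bounce@mailer-host.example.net>\r\n"
    "From: \"Finance Dept\" <finance@example.\u0441om>\r\n"
    "To: victim@example.com\r\n"
    "Subject: Invoice\r\n"
    "\r\n"
    "Please see the attached invoice.\r\n"
)


def domain_of(header_value: str) -> str:
    """Domain part of the address in a From/Return-Path header ('' if absent)."""
    return parseaddr(header_value)[1].rsplit("@", 1)[-1].lower()


def skeleton(domain: str) -> str:
    """Map known look-alike letters to Latin so visually identical domains compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)


def scripts_in(domain: str) -> set[str]:
    """Unicode script names of the letters in a domain, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in domain if ch.isalpha()}


def check_sender(raw: str, trusted_domain: str) -> list[str]:
    """Findings for the sender-address checks: envelope/header mismatch and look-alikes."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("Return-Path", ""))
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From domain {from_dom}")
    if len(scripts_in(from_dom)) > 1:
        findings.append(f"From domain {from_dom} mixes scripts (possible homoglyph)")
    if from_dom != trusted_domain and skeleton(from_dom) == trusted_domain:
        findings.append(f"From domain {from_dom} is a look-alike of {trusted_domain}")
    return findings
```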
If You Receive a Suspicious Email
No matter how thoroughly the email service is tested, a suspicious letter can still end up in a mailbox. So you should also pay attention to things such as:
From the sender's side
- The letter was received from a person whom you do not know or contact very rarely;
- You do not trust the sender, do not do business with him, or have never had any contact with him at all;
- You know the sender, but the writing style is very suspicious;
- The domain of the sender's email address contains an obvious spelling error.
From the recipient's side
- The letter is addressed not only to you but also to other people with whom you are not familiar.
Links
- The letter contains a link, but when you click on it, you are redirected to a completely different address;
- The letter contains only a link;
- The link contains an address that looks like a popular site but has an obvious spelling error.
Time of receipt
- For example, the recipient of the letter is a company manager who suddenly sees an incoming letter from another employee of the company, but it was sent very late at night.
The subject of the letter
- The subject of the letter does not correspond to its content;
- The subject is presented as if the letter were a reply to an email that the user never actually saw.
Content of the letter
- The letter contains an urgent appeal to follow the links provided in order to avoid some major negative consequence;
- There are many mistakes in the text, and its style raises questions;
- The sender urges you to send your data or to confirm a verification code he needs by SMS.
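Several of the indicators above can be checked mechanically. The following Python code is an added example, not part of the original article: it parses a constructed message and reports a "Re:" subject with no In-Reply-To header, a send time inside assumed quiet hours (00:00 to 05:59 as written in the Date header), and a link whose visible text names a different host than its href.

```python
import email
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample showing three indicators from the list above: a "Re:" subject with
# no thread headers, a 02:41 send time, and link text naming a host other than its href.
SAMPLE_RAW = (
    "From: \"CEO\" <ceo@example.com>\r\n"
    "Subject: Re: urgent payment\r\n"
    "Date: Tue, 05 Mar 2024 02:41:00 +0000\r\n"
    "Content-Type: text/html; charset=utf-8\r\n\r\n"
    "<p>Please confirm via <a href=\"http://login.example.net/x\">"
    "https://portal.example.com</a> today.</p>\r\n"
)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()

def content_indicators(raw: str, quiet_hours=range(0, 6)) -> list[str]:
    """Indicators for one message; the hour is read as written in its Date header."""
    msg = email.message_from_string(raw)
    findings = []
    if msg.get("Subject", "").lower().startswith("re:") and not msg.get("In-Reply-To"):
        findings.append("subject looks like a reply, but there is no In-Reply-To header")
    if msg.get("Date") and parsedate_to_datetime(msg["Date"]).hour in quiet_hours:
        findings.append("sent during quiet hours: " + msg["Date"])
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    links = LinkCollector()
    links.feed(body)
    for href, text in links.links:
        if host(text) and host(text) != host(href):
            findings.append(f"link text shows {host(text)} but it points to {host(href)}")
    return findings
```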
Naturally, it is not enough simply to know these rules. This information should be communicated to all members/employees of a particular company who use the shared mail service.
It is certainly easier to counter an attack when it is clear what might happen. Within product companies, it is very useful to conduct so-called sociotechnical testing to verify that this information has been successfully understood and assimilated.
Outcome
Testing social engineering attacks is very difficult from a practical point of view, since the final attack surface is the ordinary use of a mailbox. Hackers can know all the available attack methods and the countermeasures against them, and therefore create variations that bypass them.
However, performing the required checks at least at a basic level is a prerequisite that reduces the success rate of such attacks on a person's confidential data.