Spear phishing attacks are the latest technique used by computer hackers to gain access to secure enterprise networks. Unlike common phishing attacks, which target millions of users, a spear phishing attack focuses on one end user or one organization at a time and typically asks for login IDs and passwords.
Spear phishing is a time-consuming attack that requires computer hackers to study the target company and gather as much information as possible about its structure and personnel from publicly available sources such as articles, the company web site and telephone inquiries.
After a successful spear phishing attack, the attacker installs malicious software that gathers and extracts sensitive private and corporate data, which is often sold to third parties or used for identity theft.
“With spear phishing attacks growing in number, employees receiving seemingly legitimate email requesting sensitive data should validate the request with the sender,” said Ted Green, CEO of SpamStopsHere. “More often than not, a potential corporate tragedy can be avoided by simply picking up the phone. Employee education is the most effective weapon in thwarting spear phishing attacks.”
The sharp rise in spear phishing attacks, which have increased 10-fold since January 2005, caused security directors to adopt new security strategies and evaluate their existing security programs and protocols. Companies are even required to launch faux attacks on their employees to examine their reactions.