Spear phishing, a highly personalized form of email attack, is becoming an increasingly common problem for businesses. Attackers using this method research their targets and craft carefully designed messages, often impersonating a colleague, website or business. The goal of these emails is to steal sensitive information such as passwords or financial information, which is then used to commit identity theft, fraud and other crimes.
The three most prevalent types of phishing attacks are brand impersonation, business email compromise, and blackmail. Tactics such as urgency, brevity and pressure are used to increase the likelihood of success.
Around 83% of spear-phishing attacks involve brand impersonation.
Nearly 1 in 5 attacks involve impersonation of a financial institution.
Microsoft and Apple are the top two impersonated brands.
Business email compromise attacks make up only 6% of spear-phishing attacks, but have caused more than $12.5 billion in losses since 2013.
There are a few quick ways to inspect an email’s validity for evidence of spear phishing. Check for spelling mistakes within the body of the email, as there may be small errors that the sender overlooked. Also, hover over any links (don’t click!) to check that the address they actually point to is the website you expect.
Below is an example of what a spear phishing attack may look like.