December 3, 2019

Spear Phishing 101.

Spear Phishing Emails, Examples, and Prevention

Perception Point Research

What is Spear Phishing?

Spear phishing is a cyber-crime that targets a specific individual, a group of employees from the same company or even a specific organization as a whole, via an email, messaging platform or any other communication and collaboration channel scam. The usual goal of a spear phishing attack is to steal users’ credentials, although in some cases, it may also be to install malware or spyware on a specific user’s device.

As evident by its name, the term spear phishing is a subcategory of the more widely used term – phishing, and as such, share many characteristics.

Almost always, phishing attacks will appear to come from a trusted source. Additionally, they usually require an action of some sort (installing software, clicking on a link, filling out a form).
Lastly, they both will use social engineering to trick the end user – for example, using an air of urgency—something needs to be done as soon as possible or risk a crisis, even if it breaks established protocols.

So how they are different? First and foremost, the two diverge in the scope of the attack. Phishing attacks cast a wide net — a fraudster will send out an email blast to see who bites. Spear phishing attacks, on the other hand, are highly targeted and have specific goals in mind (altering records, installing malicious spyware, accessing financial terminals).

Moreover, phishing emails tend to give themselves away because they often are riddled with poor, grammatically incorrect, and typo-filled language. Spear phishing will usually be executed by a bit more sophisticated, or at least more details-oriented, actors. Meaning, the content will be more refined and well-written, will include high-quality logos pictures or any other artifacts, and will also be more personalized – pressing all the right points of the end user and using names, positions and content this is more likely to make sense with the targeted recipient.

Spear phishing is dangerous because unlike regular phishing attacks, the highly targeted and specific nature means fraudsters are after something in specific and did some research to meet their goal. This directly translates into higher “success rate” for the attacker and accordingly bigger damage to the target.

According to Symantec’s 2018 Internet Security Threat Report, a staggering “71.4% of targeted attacks involved the use of spear-phishing emails”. Vanson Bourne conducted a survey that found that the average cost of a spear phishing attack on a US business was $1.8 million.

How Does a Spear Phishing Attack Work?

Spear phishing falls under the category of social engineering that includes a phishing URL. In this attack fraudsters are researching and learning about their targets and adjusting all of the elements of the attack to feel as authentic as possible. For example, the email from whom it arrives or the design of the phishing site.

The first step is typically to create an email account and email that looks and feels official. Common strategies involve slightly modifying email addresses (for instance, changing to or using general email notifications such as or ).

In some cases, the email will come from a “superior” or an otherwise interested party that has an urgent request (a transfer that “must happen today” or a password reset “that’s crucial to avoid hacks”), but which goes against established protocol. Even if the victim shows initial hesitation, they may be reassured when they call the number in the mail or reply to find that everything is seemingly in order. However, this is still part of the attack, and usually results in success.

Additional re-assurance comes from the targeted nature of the site. For example, the site is a well-designed log-in to “Microsoft” for an organization that uses Office 365 (vs. mass phishing emails where people are asked to login into G Suite even though they are Microsoft users).

Spear Phishing Example

Our system has been identifying spear phishing campaigns on an hourly-basis. Below is one example of a basic spear phishing attack using a service that we all know – Netflix.

In this attempt, the attacker targeted several users from a specific group of employees in one of our clients. In addition, unlike many general phishing campaigns, the attacker not only used a malicious email, but rather also used another attack technique: spoofing the email address, making the attacker a bit more complex, and subsequently, harder to identify by the end-user.

Once the user clicks on the URL, a fake, relatively highly designed Netflix page will show-up with a payment update dialog.

Perception Point detected this attack with two different engines. Firstly, our Domain Look Alike engine identified the attempt as spoof for Netflix. Secondly, our proprietary image recognition engine detected the site as an attempt to steal the the end-user’s payment credentials.

How to Prevent Spear Phishing

Even with the heightened risk, you can still protect your organization from spear phishing by being vigilant and safe. Here are some best practices you can implement:

1) Don’t click suspicious links in emails

One of the downsides of today’s easily accessible digital world is that it’s easy to misdirect and mislead anyone to a desired location. For spear phishers, an email is only the bait, while the links are the hook. A link in a spear phishing attack will supposedly lead you to a safe destination (“click here to access your security settings”) but actually lead to a URL where your information can be stolen or malware is quietly downloaded. Any time a trusted source sends links that seem out of place, either contact them asking what the link is (via another channel, preferably), or log on to their websites to verify. A simple phone call can save you significant headaches.

2) Have clear protocols in place

Spear phishing attacks rely on carelessness or ignorance of protocol to succeed. Indeed, these attacks are often characterized by a request to break established protocols for a seemingly innocuous reason.

3) Embrace emerging technology

Tools like machine learning and artificial are significantly better at finding incongruous information in emails and can help reduce the likelihood of attacks significantly. Using AI-based tools can help reduce the likelihood that emails will even penetrate an initial scan. Similarly, machine learning algorithms can teach defense systems to detect new attacks and constantly adapt to different threats.

4) Allow end-user reporting

Deploy solutions that allow the end-user to report any suspicious link or email. This will help you mitigate the risk of an end-user clicking on a malicious email and will also help the IT/Security team to understand what gets through the system and see what might fool users.

Additionally, you should invest in a security tool such as Perception Point. The platform offers real-time protection, 100% threat visibility, and blazing fast prevention scans which can take as little as 15 seconds. Implementing the right tools to help your organization prevent spear phishing attacks is a key step. While we may be more alert and cautious, detecting every threat requires a powerful platform and the enforcement of security best practices.

Contact Us

Connect with our team to:
* Learn more
* Get a live demo
* Get a quote
* Set up a free 30 day trial

We will respond to your enquiry within 24 hours.
Link has been copied to your clipboard!