Spear phishing is a targeted form of email attack used to steal sensitive information through enticement, impersonation, or techniques that bypass access controls. In a normal phishing attack, the attacker sends emails at random to convince victims to open a message containing attachments with embedded malware or links that carry a virus. In spear phishing, however, the attacker sends the emails to specific targets. Apart from fake links and compromised attachments, the attacker can use socially engineered content rather than payloads, asking the victim to share information such as passwords, financial details, or other sensitive information that should not be shared without proper consent.
How Spear Phishing Works
To identify a spear phishing email, it is important to understand how spear phishing works. Spear phishing is a targeted email attack against a specific individual, group, or organization. The attacker first collects information about the target in order to win the target's confidence. After acquiring enough information, the attacker sends emails to the target recipients under a deceptive cover. The scary part of the attack is the apparent legitimacy of the email address or the identity used in the email. A spear phishing attack can be so sophisticated that the attacker is sometimes able to spoof an email address that is known to the recipient. The attacker also gathers enough information to decide the most suitable time for the attack. Usually, the attack is launched when the recipient is expecting an email from the source that is spoofed or impersonated.
How to Identify a Spear Phishing Attack
Although spear phishing email attacks are very effective, there are ways to identify such emails. The following are five ways to identify spear phishing emails.
Check Sender Email Address and Name
Often, when we receive an email, we see only the sender name. Attackers can easily spoof the name of someone who emails you regularly. If you get an email asking you to share sensitive information that is not supposed to be shared via email or without proper verification, don't just believe the sender name; verify the email address as well. In some cases, the attacker manages to spoof the email address but does not know the exact form of the name used in the emails you usually receive from that sender. In that case, verify the sender name as well.
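The two checks described above (a familiar name on an unfamiliar address, and a familiar address with an unusual name) can be automated against an address book. This is an added example, not part of the original article; the address book and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: address -> display name this contact normally uses.
KNOWN_CONTACTS = {
    "jane.doe@example.com": "Jane Doe",
    "payroll@example.com": "Example Payroll",
}

# Constructed sample messages.
MSG_GENUINE = "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 report\n\nHi"
MSG_SPOOFED_NAME = 'From: "Jane Doe" <jane.doe@examp1e.net>\nSubject: Urgent\n\nHi'
MSG_ODD_NAME = "From: Jane M Doe <jane.doe@example.com>\nSubject: Urgent\n\nHi"

def normalize(name):
    """Lower-case and collapse whitespace so cosmetic differences are ignored."""
    return " ".join(name.lower().split())

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return a list of findings about the From header of a raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    known_names = {normalize(n) for n in contacts.values()}
    findings = []
    if address in contacts:
        # Address is familiar: the name should be the one this sender always uses.
        if normalize(display) != normalize(contacts[address]):
            findings.append("known address, unusual display name")
    elif normalize(display) in known_names:
        # Name is familiar but the address behind it is not.
        findings.append("known display name, unknown address")
    else:
        findings.append("sender not in address book")
    return findings

if __name__ == "__main__":
    for raw in (MSG_GENUINE, MSG_SPOOFED_NAME, MSG_ODD_NAME):
        print(check_sender(raw))
```

An empty result only means the From header looks as usual; it says nothing about a message where both the name and the address are spoofed.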
Check the Email Format
In an advanced spear phishing email attack, the attacker manages to spoof both the name and the email address of someone you know or trust. In such scenarios, the format of the email can give you a hint about the legitimacy of its content. If the format does not match the emails you have received from that sender in the past, take further measures to confirm the legitimacy of the email. Such an email can be a spear phishing attempt to trick you into sharing sensitive information.
Make a Phone Call
A spear phishing email attack can be so lethal that it gives the recipient no hint at all. An attacker may be able to spoof the name, the email address, and even the format of the emails you usually receive. In that case, if the request in the email is sensitive and an information leak could lead to bigger problems, don't hesitate to make a phone call to the sender to confirm the legitimacy of the email and of the information requested.
Verify Shared Links
Sometimes, the attacker tricks you into clicking on a link shared via email. Even if you are sure about the sender's email address and name, make sure the link embedded in the hypertext does not lead to a fraudulent website or malicious code. A simple way to check the legitimacy of a link is to hover over it. This shows the complete address you will be redirected to after clicking. If the web address or the link path looks suspicious, never click the link. A single click can hijack your web browser, install malware on your system, and even give the attacker full control of your system and all the information stored on it. Sometimes, the address in the address bar looks very familiar. In that case, make sure the page you are redirected to does not ask for sensitive information, such as a password or PIN change for your bank account, or similar actions. An attacker can even spoof the complete web pages of financial institutions. In such a case, call your bank or finance department to confirm the authenticity of the email and of the instructions in it.
Scan the Attachments
Some attackers manage to bypass all the filters and trick users into downloading email attachments and opening them. These attachments may contain embedded malware, or they may ask you to fill in forms that include sensitive information. In both cases, run online virus scan tools to make sure the attachments are free from any virus or harmful code. If no online virus scanning tool is available, scan the downloaded files before opening them. The file types an attacker may use include obsolete versions of document formats such as Microsoft Office or PDF, or an executable file disguised with a .PNG, .JPEG, .GIF, or similar extension. There are some open source websites that offer to scan documents for payloads running behind the files. If the files look suspicious, you can also try these open source scanners to check their legitimacy.
These are some of the basic tactics for identifying spear phishing emails. Although spear phishing is the lethal weapon of modern cyber attackers, these common precautions can safeguard you and your organization from such attacks.
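An executable hidden behind an image or document extension can be spotted by comparing the file's leading bytes with the signature that extension should have. The sketch below is an added example, not part of the original article; the file names and byte strings are constructed, and the signature table covers only the formats named above.

```python
import os

# Leading bytes ("magic numbers") each extension is expected to start with.
EXPECTED_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
# Headers of native executables.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}

def inspect_attachment(filename, data):
    """Compare an attachment's extension with what its first bytes say it is."""
    ext = os.path.splitext(filename)[1].lower()
    label = ext or "no extension"
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return f"executable ({kind}) behind {label}"
    expected = EXPECTED_MAGIC.get(ext)
    if expected is None:
        return f"no signature on file for {label}"
    if data.startswith(expected):
        return f"content matches {ext}"
    return f"content does not match {ext}"

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.png", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("scan.gif", b"%PDF-1.7\n"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", inspect_attachment(name, head))
```

A matching signature only shows that the file is the type it claims to be; documents and PDFs can still carry embedded malware, so the virus scan remains necessary.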