
Information Security Tips (September 2023) – Beware of Spear Phishing

  • What is a Spear Phishing Attack?

Spear Phishing is a specific type of Phishing Attack that targets individuals or organizations with the intention of deceiving them and gaining unauthorized access to sensitive information. Unlike regular phishing attacks, spear phishing is more personalized and involves tactics such as impersonation, enticing bait, and finding ways to bypass security measures like email filters and antivirus software.

Although general Phishing and Spear Phishing employ similar techniques, there are distinctions between them. General Phishing attacks are typically straightforward, aiming to acquire the victim’s information, such as online banking credentials, to fulfill the attacker’s objectives. In contrast, spear phishing attacks go beyond simply obtaining login details or personal data. They serve as a gateway for attackers to gain initial entry into the targeted network and act as a stepping stone for subsequent Targeted Attacks.

  • How does Spear Phishing Work?

Spear phishing attacks target specific individuals within an organization or institution, including their online presence, such as the organization’s website and social media accounts on Twitter, Facebook, and LinkedIn. The attackers invest time in creating persuasive email content and may include harmful attachments or links in the emails. When the recipient opens such attachments or clicks on the links, it can trigger the execution of malicious code or redirect the user to a compromised website. This provides an opportunity for the attacker to establish a hidden communication network and advance to the next stage of the attack.

  • How to Prevent Spear Phishing?

To thwart spear phishing attacks, UM employs several layers of protection, empowering system administrators with enhanced visibility and control over the network. This approach minimizes the risk of targeted attacks and mitigates various attack vectors.

Nonetheless, the most pivotal factor in defense lies in the information security awareness of employees and students. By diligently observing spelling mistakes, peculiar language, and other suspicious indicators in emails, individuals can partially shield themselves against spear phishing attacks.