What Is Spear Phishing
Spear phishing is a kind of wire fraud in which a hacker gains access to a user's secret (confidential) files. Unlike classic phishing, here the hacker poses as your friend or as someone you completely trust.
Such attacks can obtain not only a user's personal data but also access to secret financial files, and they can disclose information covered by commercial confidentiality, etc.
The attack is carried out with a simple email that appears to come from a friend of the victim. In fact, a stranger sent the letter, which contains instructions to perform some actions or to release particular information.
You realize that you have become a victim only after a while. When a person sees suspicious financial transactions or unexpected harm, he or she understands that a recent email was indeed suspicious.
Protection From Spear Phishing: Security Testing
The following technical protection methods are available:
- Testing of spam messages. This functionality has to be set up on the mail server, for example for incoming letters. It is also useful when you test an online shop and the logic that processes text orders submitted through special forms. Some of the phishing letters known today can be identified by their content. You have to be careful, because such letters can look like ordinary client messages; in this case, the validator will inevitably make some mistakes.
- Testing of the senders’ addresses. The real sender and the one given in the letterhead may differ. You should carefully check that the company domain is written correctly. Changing even one symbol to a similar one (for example, an English “c” instead of the Russian “с”) can lead to a hacking attack.
- Testing of the attachments in a letter (performed in so-called sandboxes). Before the recipient gets an incoming letter with an attachment, the attachment has to be checked thoroughly or run in a sandbox.
- Testing of the functionality that blocks letters containing strange links or attachments. Such protection not only filters letters with untrustworthy content but is also a guarantee of dealing successfully with potential hack attacks.
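The sender-address check from the list above can be sketched as follows. This is an added example, not code from the original article; the domains `corp.example` and `mailer.test`, the finding labels, and the small lookalike table are assumptions made for illustration.

```python
import email
import unicodedata
from email.utils import parseaddr

# Constructed subset of Cyrillic letters that render like Latin a c e o p x y i.
# A production check would use the full Unicode confusables data (UTS #39).
LOOKALIKES = str.maketrans("\u0430\u0441\u0435\u043e\u0440\u0445\u0443\u0456", "aceopxyi")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, decoding punycode."""
    domain = parseaddr(header_value or "")[1].rpartition("@")[2].lower()
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid IDNA: keep as-is

def scripts(domain):
    """Scripts (LATIN, CYRILLIC, ...) of the letters used in the domain."""
    return {unicodedata.name(ch).split()[0] for ch in domain if ch.isalpha()}

def check_sender(raw_message, trusted_domains):
    """Return a list of findings about the sender of one raw message."""
    msg = email.message_from_string(raw_message)
    shown = domain_of(msg.get("From"))            # what the recipient sees
    envelope = domain_of(msg.get("Return-Path"))  # sender recorded at delivery
    findings = []
    if len(scripts(shown)) > 1:
        findings.append("mixed-script")
    if shown not in trusted_domains and shown.translate(LOOKALIKES) in trusted_domains:
        findings.append("lookalike-of-trusted")
    if envelope and envelope != shown:
        findings.append("envelope-mismatch")
    return findings

# Constructed samples: the first letter of the spoofed domain is Cyrillic U+0441.
SPOOFED = (
    "Return-Path: <bounce@mailer.test>\n"
    "From: Accounts <billing@\u0441orp.example>\n\nPlease review the invoice.\n"
)
GENUINE = (
    "Return-Path: <billing@corp.example>\n"
    "From: Accounts <billing@corp.example>\n\nPlease review the invoice.\n"
)

if __name__ == "__main__":
    print(check_sender(SPOOFED, {"corp.example"}))
    print(check_sender(GENUINE, {"corp.example"}))
```

Legitimate bulk-mail services also produce an envelope mismatch, so findings like these are better used as inputs to a score than as a reason to block on their own.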
If You Got a Strange Letter
Even if the email service was tested perfectly, a strange letter can still arrive in one’s mailbox. That is why it is important to pay attention to the following:
From the sender’s side
- The letter is from an unknown person or from someone you rarely contact;
- You don’t trust the sender, don’t have business dealings with him/her, or haven’t been in contact before;
- You know the sender, but the style of the letter is too strange;
- The domain of the sender’s mail address has obvious spelling mistakes.
From the receiver’s side
- The letter is addressed to you and to other people you do not know;
- The letter has a link, but when you click on it, you are redirected to a completely different address;
- The letter contains only a link;
- A link contains an address that is similar to a popular site but with a spelling error;
- For example, a company manager receives a letter from a co-worker late at night;
- The subject of the mail doesn’t correspond to its content;
- It is displayed as a response that the user never received;
- It tells you to follow a link in order to avoid something huge and negative;
- The text has a lot of errors and its style is doubtful;
- The sender strongly requests that you send your personal data or pass verification via a message.
Obviously, it is not enough to know these rules. This information has to reach all the company employees who use the same mail service.
No doubt, it is easier to deal with an attack when you know what may happen. It is also good practice to perform so-called social testing inside a company in order to make sure that the necessary information has been understood.
Testing against a social engineering attack is a very difficult task, because the final line of the attack is an ordinary mailbox user. Hackers may know all the possible methods of attack and the ways of dealing with them. Hence, they may also know how to get around these defences.
Despite this, it is very important to perform the needed tests at least at a basic level. This reduces the chance that such attempts will succeed in getting one’s personal data.