Avoiding a phishing email sent to ‘Dear Customer’ is one thing - what about phishing emails that are sent from your boss, and reference you by name? This month we’re taking a closer look at spear phishing. These are phishing emails that pertain to be from a manager, a CEO or someone in authority, and are directly aimed at you, the recipient.
What do we mean by spear phishing?
Spear phishing is a technique employed by unscrupulous individuals to get you to part with your hard earned cash - or if you’re an employee, get your business to part with its hard earned cash. Spear phishing is a little different from your average, run-of-the-mill phishing email because instead of contacting a few thousand different people, they’re just targeting one person. And if they’re just targeting a single person, they can be far more specific in their emails (and by extension, far more convincing).
To put it in literal fishing terms - if average phishing is a person throwing a huge net into the ocean, dragging it around a bit and seeing what comes back, spear phishing is a person waiting on a boat, watching a single fish, and getting ready to strike. With a huge spear.
Fishing metaphors aside, the way that a spear phishing email targets its victims is by selecting a business ahead of time (Transcendit, for example), assuming the persona of a manager or director in that company, and contacting someone else within the company to request a payment.
What does a spear phishing attempt look like?
As unscrupulous individuals seemingly never tire of sending us phishing emails, we can show you exactly what it looks like. This is the first email that one of our Directors, Lee, received from a spear phisher.
As you can see, unlike regular phishing, the email tag for the sender does indeed say ‘Adam Kuznesof’ - another one of Transcendit’s Directors. But the full email address is not Adam’s - instead of ending with @transcendit.com, it ends with @virginmedia.com. However, on some screens (particularly smaller devices) the full email address isn’t visible by default.
The phishing email doesn’t go in for the kill straight away. By asking the bank’s cut-off time for faster payments, the phisher is establishing trust with the recipient. This is an attempt to appear slightly more natural, and mimic a more normal conventional conversation.
Saying that, the phisher isn’t messing about with idle chit chat for long. We’ve removed the sort code and account number, but as you can see the phisher has immediately sent over the bank details for ‘Lemac Limited’. We did a quick search, and it looks as if this is a real company. However, the payee's name doesn’t have to be accurate for a bank transfer.
By asking for a faster payment, the phisher is reducing the amount of time that Transcendit have to contact the bank and prevent the transfer from going through (should the scam be discovered, that is).
How can I avoid spear phishing?
In many ways, avoiding a spear phishing attempt is far easier than a generalised phishing email - instead of calling Netflix or contacting your email provider to see if the account details really are wrong, all you need to do is get in touch with the person that the email pertains to be from. The best (and fastest) way to do this is via telephone, but if you do try to contact them by email make sure you don’t just hit reply - start a new email thread with the email address you have for the sender in your address book.
Ensuring that you, your colleagues and your employees have an explicit system when it comes to processing payments is the best way to avoid this scam. Slow down, read everything carefully, and if in doubt run it past your awesome IT support team.
Tweet us @TranscenditUK
