Spear-Phishing
Email’s Not As Innocent As It Seems
In order to get inside an organization, attackers often employ spear phishing, which uses social engineering to target specific individuals with legitimate-looking emails. These emails are designed to entice, or fool, victims into clicking a link or downloading a file, which then infects their systems and continues to spread, infecting more and more users.
Rising Targeted Spear Phishing Campaigns
In 2015, targeted attacks increased by 55 percent. The last five years have seen a steady increase in attacks targeting businesses with fewer than 250 employees; 43 percent of all attacks targeted small businesses in 2015.
Spear-Phishing Attacks By Size of Targeted Organization
As attacks against businesses of all sizes continue to increase (55 percent in 2015), attacks against small businesses comprise a bigger share.
Spear-Phishing Email Used in Targeted Attacks
Microsoft Office documents such as Word and Excel remain popular delivery mechanisms for exploits by dropping malware onto targeted computers. In fact, an executable file is used 36 percent of the time.
In non-targeted email malware, executable file attachments accounted for approximately 1.3 percent of malicious attachments.
Businesses of all sizes are potentially vulnerable to targeted attacks. Know what to look for: Spear-phishing email is often sent in waves, or campaigns, initially to small groups of people in an attempt to infect an entire organization.
Remember that attackers are motivated mainly by profit and can be as technically sophisticated and well organized as any nation state-sponsored attackers.