What is Spear Phishing?
- February 3, 2020
Hackers have gotten pretty sneaky over the years. It’s becoming increasingly easy for them to make off with your data without you even realizing it.
One of their favorite ways of snatching data right under your nose is spear phishing. According to the latest cybercrime statistics, as many as 91% of all cyberattacks involve spear phishing.
This tactic is clearly a major threat to cybersecurity. But what is it, exactly? And what makes it both commonplace and dangerous?
Before we get into that, first, what is phishing anyway?
What Is Phishing?
Phishing is a hacking method that involves the victim handing the attacker their data willingly – unaware that they’re being cheated, of course. The most common way hackers phish is through emails and social media.
The hacker poses as a trustworthy person or organization and asks you to either click a link or download a file. By complying with the message, the recipient unknowingly exposes their data to risk.
A famous example of a phishing email is the so-called Nigerian Prince scam. It’s practically as old as the internet, but surprisingly, it still turns up every once in a while. If you aren’t familiar with it, though, here’s an example:
Most phishing attacks will assume this kind of format, though they’ll likely be more clever than this.
So, that’s phishing in a nutshell. But what makes spear phishing different?
What Is Spear Phishing?
Here’s a quick hypothetical scenario that illustrates what a spear-phishing attack is. A hacker sends an email to their victim. This email (typically using the recipient’s name and/or other personal information) claims that there was a problem with the receiver’s Facebook account.
The message includes what looks like a link to Facebook, but it actually leads to a page that looks just like Facebook’s login page. The victim types in their login details and unwittingly hands their data over to the hacker.
So, it’s basically the same as a normal phishing attack, right? Well, not exactly.
The crucial difference is that spear phishing specifically targets a single person. Looking at the Nigerian prince example we talked about above, you can see that it can be mass-sent like a shotgun email. Our hypothetical, on the other hand, makes use of personal information. It’s basically tailored to attack only one person.
Why Is Spear Phishing So Dangerous?
The main reason why spear phishing is so dangerous is that it’s extremely effective. Because it’s made to target one individual, it’s well disguised as a non-threat.
A file seemingly sent by one of your friends could contain malware, and that thought might only cross your mind when it’s too late. And because the victim hands over their data themselves, phishing attacks bypass cyber defences, so there’s basically nothing to alert you that a breach took place.
Spear phishing is even scarier in the eyes of a business owner, though. Just imagine if a single employee falls for this grift, and they have sensitive data about their place of work. An entire enterprise can be compromised by just tricking one person.
With this in mind, it’s no wonder that nine out of ten hacking attempts use spear phishing. And it only seems to be rising in popularity: its use spiked by 65% in 2019.
How Do I Avoid Spear Phishing?
With a few precautions, you can make sure that you don’t fall for a spear-phishing attack:
- Simply knowing about it makes you more careful about what emails you open.
- Use different passwords for different accounts to minimize the damage a hacker can do.
- Don’t post personal information willy-nilly around the internet.
- Don’t click on a link provided by a strange message.