Spear phishing is a specific type of phishing attack targeted at a single individual inside an organization where the payoff for a successful breach is particularly high.
Phishing attacks depend on sending email that pretends to be from a trusted brand or individual. For the first decade or more of their existence these attacks took a mass-mailing approach, hitting large numbers of email accounts in hopes of extracting a relatively small amount of value from each victim duped into giving up information.
Though this type of traditional phishing still exists, a great deal of criminal focus has shifted in recent years to spear phishing. Here the online criminal gang hand-crafts mail messages to specific individuals inside companies or other organizations who are able to provide the access, information, or money that the criminals seek.
Impersonation Attacks Leading to BEC
These messages typically take the form of supposed communication from a trusted individual inside the company, someone who would have the authority to request the information or behavior being asked of the target individual. These email messages most often include a spoofed email address that matches the actual address of the supposed sender.
Email with this kind of spoofed identity is called an impersonation attack. Impersonation attacks are particularly nefarious in that there is nothing the user can see to indicate that a message is not actually from the source it claims.
The objective of these attacks is the theft of the company’s money (known as Business Email Compromise or BEC), information, or network access. Common outcomes include wiring money to an account controlled by the criminals or tricking an employee into giving away W-2 details or other Personally Identifiable Information (PII) that can be used for identity theft.
These attacks are heavily on the rise. As of June 2016 the FBI reports a 1,300% increase in losses from BEC scams since January 2015. In that time period it estimates that 22,000 businesses lost $3.1 billion to BEC scams.
Introducing DMARC Authenticated Email
The good news is that security, networking, and messaging teams have an important tool in their kit to defend against these attacks. Email authentication using the DMARC (Domain-based Message Authentication, Reporting & Conformance) standard makes it possible to block email from using your domain name unless it comes from you or your approved senders. By doing so you can seriously damage the phishers’ ability to perpetrate social engineering attacks over email.
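As an added illustration (not code from the original article or from ValiMail's service), the following shows how a receiving mail server applies a domain's DMARC record to a message whose visible From: address has been spoofed. The domains, the record, and the scenario are constructed, and the organizational-domain helper is a deliberate simplification of the Public Suffix List lookup a real implementation would use.

```python
"""Minimal DMARC evaluation: parse the published record, test SPF/DKIM
identifier alignment against the From: domain, and return the policy
disposition. Constructed example for illustration only."""

from typing import Optional


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'
    into a dict of tags, applying the standard defaults for alignment."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels. A real
    receiver consults the Public Suffix List (assumption/simplification)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(header_from: str, authenticated: Optional[str], mode: str) -> bool:
    """An authenticated identifier aligns with the From: domain when it is
    identical (strict, 's') or shares the organizational domain (relaxed, 'r')."""
    if not authenticated:
        return False  # SPF or DKIM did not pass at all
    if mode == "s":
        return header_from.lower() == authenticated.lower()
    return org_domain(header_from) == org_domain(authenticated)


def dmarc_disposition(record: str, header_from: str,
                      spf_domain: Optional[str], dkim_domain: Optional[str]) -> str:
    """spf_domain / dkim_domain are the domains that passed SPF / DKIM (or
    None). Return 'pass' if either is aligned, else the record's p= action."""
    tags = parse_dmarc(record)
    if aligned(header_from, spf_domain, tags["aspf"]) or \
            aligned(header_from, dkim_domain, tags["adkim"]):
        return "pass"
    return tags["p"]  # 'none' (monitor only), 'quarantine' or 'reject'


if __name__ == "__main__":
    # Constructed scenario: From: claims example.com, but SPF only passed for
    # the attacker's own sending domain and no DKIM signature was present.
    rec = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
    print(dmarc_disposition(rec, "example.com", "attacker.test", None))
```

With p=none the same spoofed message is merely reported, which is why a monitoring-only DMARC record does not by itself stop impersonation.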
ValiMail offers Email Authentication as a Service™ to help you beat the phishers. The ValiMail Pro™ service takes over the difficult configuration and management of DNS records for DMARC, SPF (Sender Policy Framework), and DKIM (DomainKeys Identified Mail). It gives you visibility and control over all email sent using your domain names and the power to block unauthorized mail messages. All with the point-and-click simplicity of an intuitive web interface.