Spear Phishing: Top Threats and Trends

Protect your business from sophisticated, targeted and costly attacks.

Spear phishing, a highly-personalized form of email attack, is increasing in popularity with cybercriminals. Attackers research their targets and craft carefully-designed messages, often impersonating a trusted colleague, website
or business. Spear-phishing emails typically try to steal sensitive information, such as login credentials or financial information, which is then used to commit fraud, identity theft and other crimes.

Designed to evade traditional email security, including gateways and spam filters, spearphishing attacks are often sent from highreputation domains or already-compromised email accounts. Spear-phishing emails do not
always include malicious links or attachments. Since most traditional email-security techniques rely on blacklists and reputation analysis, these attacks get through. Attacks typically use spoofing techniques and include “zero-day”
links, URLs hosted on domains that haven’t been used in previous attacks or that have been inserted into hijacked legitimate websites; they are unlikely to be blocked by URL-protection technologies. Cybercriminals also take
advantage of social-engineering tactics in their attacks, including urgency, brevity and pressure, to increase the likelihood of success.