Spear Phishing – Part 2
Originally posted on https://www.bestructured.com/spear-phishing-part-2/
What the Spear Phisher is After
Our last blog examined what a Spear Phishing attack is. In today’s blog, we examine what the primary targets are:
1) Money, Money, Money and lots of it:
While other Phishing based campaigns focus on getting any kind of personal information and data, the Cyber attacker in this case, wants just one thing: Your cash. As a result, they tend to target the following:
- Credit card companies;
- Insurance organizations;
- Credit Unions;
- PayPal;
- Amazon.
In their Spear Phishing E-Mail, the Cyber attacker does not traditionally attach a .DOC or .XLS file. Rather, they will instead attach a .HTML file, or include the relevant HTML data in the body of the message. If the victim either downloads this particular attachment or clicks on the link, then he or she will be taken to a very authentic looking, but spoofed website in which they enter in their password. From this point, the Cyber attacker then hijacks it, and logs into whatever online financial account they know that the victim possesses and steals as much money as they possibly can. According to the FBI, over 7,000 financial related institutions have been targeted since 2015, which has resulted in a loss of well over $612 Million.
2) Waiting for particular times of the year:
It is important to note that Spear Phishing attacks do not just occur at any time of the year. Rather, they occur at special points in time, where there is a lot of activity happening, especially between the financial organization and the individual or organization during tax season. A typical example of this is tax season. To launch their Spear phishing campaign, the Cyber attacker will covertly pose themselves as some sort of tax related entity (primarily that of the IRS) requesting the tax preparer to send over sensitive information of the victim (primarily their Social Security number). This request will often come in the form of an E-Mail message, with the sending address being typically one of the followings:
These types of E-Mail messages often contain a VBA script that is malicious in nature, and worst yet, it will automatically execute itself once opened. Another example of when a Spear Phishing attack will typically occur is at during a catastrophic event, such as a natural disaster. For example, in these types of scenarios, the Cyber attacker will send out an E-Mail from the Red Cross asking for donations or other kinds of financial assistance. Very often, when the victim clicks on that link, they will be taken once again to a very authentic looking, but spoofed website. But rather than asking them to login into a website so that their login information can be captured, the victim is asked to donate money. From, there it then gets deposited into a phony bank account that is set up by the Cyber attacker.
3) Stealing corporate data:
Another prime interest of the Cyber attacker is that of stealing of sensitive data in this regard. This typically includes contact information of their customers, such as names, phone numbers, E-Mail addresses and the like. Once this is collected, the Cyber attacker then has enough information at hand in order to conduct further and deeper research into their intended victims. Also, at stake here is the information that is pertinent to the IT infrastructure of the business or corporation, so that a Ransomware attack can be launched, targeting the organization’s workstations, servers, and wireless devices.
Conclusions
Our next blog will review several incidents of real life attacks, and just devastating a Spear Phishing attack can be.