Spear Phishing | Spear Phishing Email
Adrien Gendre
—January 05, 2017
Spear Phishing is a huge problem for IT organizations and for general management.
Spear phishing differs significantly from standard mass phishing emails (most of which are filtered out by the same techniques used to block spam). Rather than just sending tens of thousands of generic emails in the hope that one or two will get through, a spear phishing email targets a specific employee at your company. A good spear phishing email includes customized attack messages providing a believable context for the victim to engage. Further, most spear phishing emails appear to come from a trusted source such as a customer, a partner, or the CEO. All this combines to make victims much more likely to engage with a spear phishing email than a standard phishing or spam email.
A spear phishing email will appear to come from a trusted source and provide a believable context, making the victim more likely to engage.
A successful spear phishing attack can have a devastating impact on your organization: lost intellectual property, stolen money, breached customer records… and you might not even know it. The average time from breach to discovery can be frighteningly long for email-borne attacks because, except in cases of outright monetary theft (such as BEC), the victim is often not even aware that they have been fooled.
Email Security is Broken
The fact is standard email security systems will not reliably stop spear phishing attacks.
According to a 2016 Vanson Bourne study of IT decision makers, 84% of organizations said a spear-phishing attack successfully penetrated their organization in 2015. However, 71% also indicated that they already have some form of email security technology in place.
The problem is that the architecture of the vast majority of email security systems was essentially built to fight spam. The basic techniques for standard email security include signature-based protection that blacklists all known bad actors, spammy email content, and known malware attachments and phishing URLs. The structure and processes of these systems have been highly successful in fighting the prevalence of mass spam emails, which threatened to make email unusable as recently as six or seven years ago.
This spam-derived email security actually works OK for most mass-emailed phishing attempts as the systems are able to block new variants of phishing attacks after the first few tens of thousands of emails are sent and the initial reports come filtering back. (Of course, this is of little comfort if one of your employees was the lucky recipient of one of the initial exploits…)
However, signature-based email security is completely ineffective against the sophisticated one-off targeted spear phishing attacks which are the primary threat today to your network security.
Consider these facts:
- 97% of all employees can’t reliably identify phishing or spear phishing emails.
- 93% of all data breaches start with an email attack.
- 99% of the installed network security systems can’t stop a well-crafted spear phishing email.
- Email will remain the primary targeting method of advanced attacks at least through 2020. (Gartner)
- CyberCrime will rise to $2.1 trillion by 2021. (Juniper)
So it’s not surprising that the CyberSecurity market is projected to grow to $200 billion by 2021. What is surprising is how most companies are tackling the problem. Rather than stopping malware and data breaches by directly addressing the most overwhelmingly common vector (email), they are spending the vast majority of their IT security resources on ever more elaborate schemes trying to deal with the problem after the bad guys have already breached the perimeter.
Spear Phishing Email Protection
You need to lock down your email systems with state-of-the-art email security and protection against ransomware, malware, phishing, and spear phishing.
93% of data breaches start with a single email.
Vade has a range of email security processes to ensure that spear phishing emails won’t make it to your employees’ inboxes. If your employees don’t have the opportunity to click on malicious links, open dodgy attachments, or respond by email or phone to phishers, you can have confidence that your network and information are protected.
The Vade Advanced Email Security Suite includes:
- Inbound Filtering: every single email gets analyzed by our artificial intelligence engine against known malware and phishing signatures.
- Domain Verification: the sender’s domain is double checked for authenticity.
- Identity Verification: the sender’s email address will be verified against your existing contacts.
- Personal Data warnings: our artificial intelligence will notify you if there are sensitive data requests.
- Identity Match™: our patented software takes into account subtle behavioral and technical factors to ensure that the sender of an email is who they claim to be.
- Content Analysis: through daily deep email analysis and banner alerts, administrators and users can be notified when something suspicious is discovered. This means that zero-day vulnerabilities can be caught before it’s too late.
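To make the contrast between signature-based blocking and checking a sender against existing contacts concrete, here is an added example; it is not Vade's code or algorithm. The blocklist, contact list, sample messages and the edit-distance threshold of 2 are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data (assumptions for illustration, not from the page).
BLOCKLIST = {"bulk-offers.example"}                    # known-bad sender domains
CONTACTS = {"Jane Doe": "jane.doe@acme-corp.example"}  # display name -> address
MASS = "From: Deals <promo@bulk-offers.example>\nSubject: You won\n\nClick\n"
SPEAR = "From: Jane Doe <jane.doe@acme-c0rp.example>\nSubject: Invoice\n\nHi\n"
LOOKALIKE = "From: Billing <ap@acme-c0rp.example>\nSubject: Invoice\n\nHi\n"
LEGIT = "From: Jane Doe <jane.doe@acme-corp.example>\nSubject: Lunch\n\nHi\n"

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender(raw):
    """Return (display name, lower-cased address, domain) from the From header."""
    name, addr = parseaddr(message_from_string(raw)["From"])
    addr = addr.lower()
    return name, addr, addr.rpartition("@")[2]

def signature_verdict(raw):
    """Spam-style check: block only senders already on the blocklist."""
    return "block" if sender(raw)[2] in BLOCKLIST else "deliver"

def identity_verdict(raw):
    """Compare the claimed sender with existing contacts."""
    name, addr, domain = sender(raw)
    known = {a.lower() for a in CONTACTS.values()}
    if addr in known:
        return "known contact"
    if name in CONTACTS:
        return "warn: contact's display name, different address"
    if any(0 < edit_distance(domain, a.rpartition("@")[2]) <= 2 for a in known):
        return "warn: lookalike domain"
    return "unknown sender"

if __name__ == "__main__":
    for label, raw in [("mass", MASS), ("spear", SPEAR),
                       ("lookalike", LOOKALIKE), ("legit", LEGIT)]:
        print(label, signature_verdict(raw), "|", identity_verdict(raw))
```

The From header is not authenticated by itself, so a "known contact" result here still assumes the sending domain has been verified separately.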