One of the big trends this year is spear phishing: phishing attacks that are frequently (though not always) aimed at high-profile users. The goal is to steal sensitive data or to gain elevated privileges inside the service, typically by exploiting a software vulnerability on the user's computer so that malware can send usernames and passwords back to the phisher.
Because of how frequently they have occurred this year, I am sometimes asked what we do to defend against them. I am repurposing some internal documentation that folks inside Microsoft have written and adding my own spin on it.
Spear phishes are harder to repel with spam filtering because they are not a large campaign aimed at many users (as most spam campaigns are) but are targeted at you specifically, using information gathered from Facebook, LinkedIn and other places where you have left personal details. They appear to come from a personal contact, friend or other trusted party. Because they are small, targeted attacks, they do not show up on a spam filter's radar: they do not come from compromised IPs (or, if they do, those IPs have not yet been used to spam), they carry zero-day malware or links to zero-day malware, and the wording is crafted to slip past a content filter.
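To make that gap concrete, here is an added example (not code from the original post) of the difference between a bulk-spam content filter and a sender-identity check. The contact list, internal domain, spam phrases and both sample messages are constructed for the illustration: the phish reuses a real colleague's display name, sends from a domain one hyphen away from the real one, and contains none of the phrases a keyword filter keys on, so the keyword score is zero while the identity checks flag it three times.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical tenant data (constructed for this example): the colleagues a
# user actually corresponds with, and the organisation's own mail domains.
TRUSTED_CONTACTS = {"alice chen": "alice.chen@contoso.com"}
INTERNAL_DOMAINS = {"contoso.com"}

# Constructed sample messages. The phish borrows a real colleague's name and a
# domain one hyphen away from the real one, in ordinary business language.
SAMPLE_PHISH = """\
From: "Alice Chen" <alice.chen@contoso-hr.com>
To: bob@contoso.com
Subject: Re: Q3 budget spreadsheet

Hi Bob, following up on our chat at the offsite. Can you review the
updated numbers before the board meeting? https://contoso-hr.com/docs/q3
Thanks, Alice
"""

SAMPLE_LEGIT = """\
From: "Alice Chen" <alice.chen@contoso.com>
To: bob@contoso.com
Subject: Re: Q3 budget spreadsheet

Hi Bob, the final numbers are at https://docs.contoso.com/finance/q3
Thanks, Alice
"""

# Phrases a simple bulk-spam content filter might score on (illustrative).
BULK_SPAM_PHRASES = ("act now", "free", "winner", "verify your account",
                     "click here", "unsubscribe", "lottery")


def spam_keyword_score(raw_message):
    """Crude content-filter stand-in: count bulk-spam phrases in the text."""
    text = raw_message.lower()
    return sum(phrase in text for phrase in BULK_SPAM_PHRASES)


def levenshtein(a, b):
    """Edit distance, used to catch typo-squats such as c0ntoso.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True if domain imitates an internal domain without being one."""
    domain = domain.lower().rstrip(".")
    for internal in INTERNAL_DOMAINS:
        if domain == internal or domain.endswith("." + internal):
            return False  # genuinely ours, or a subdomain of ours
    label = domain.split(".")[-2] if "." in domain else domain
    for internal in INTERNAL_DOMAINS:
        internal_label = internal.split(".")[0]
        # "contoso-hr.com" embeds our name; "c0ntoso.com" is one edit away
        if internal_label in domain or levenshtein(label, internal_label) <= 2:
            return True
    return False


def impersonation_findings(raw_message):
    """Sender-identity checks that a bulk-spam filter does not make.

    Returns a list of (kind, detail) tuples; an empty list means nothing odd.
    """
    msg = message_from_string(raw_message)
    findings = []

    display_name, address = parseaddr(msg.get("From", ""))
    name_key = display_name.strip().lower()
    address = address.lower()
    sender_domain = address.rpartition("@")[2]

    # 1. A known contact's name on an address that is not that contact's.
    if name_key in TRUSTED_CONTACTS and TRUSTED_CONTACTS[name_key] != address:
        findings.append(("display-name", f"{display_name!r} sent from {address}"))

    # 2. The sending domain imitates one of ours.
    if sender_domain and is_lookalike(sender_domain):
        findings.append(("sender-domain", sender_domain))

    # 3. Links in the body point at look-alike domains.
    body = msg.get_payload() if not msg.is_multipart() else ""
    for host in re.findall(r"https?://([^/\s]+)", body):
        if is_lookalike(host):
            findings.append(("link-domain", host))

    return findings


if __name__ == "__main__":
    print("keyword score:", spam_keyword_score(SAMPLE_PHISH))
    for kind, detail in impersonation_findings(SAMPLE_PHISH):
        print(f"{kind}: {detail}")
```

The point is not that these three checks are a complete defence (a phisher who registers an unrelated domain and invents a new name passes all of them) but that the signals worth alerting a user on are about who the message claims to be from, not about the words in it.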
A filter does help, but it must not be the only line of defense against a spear phish; users need to be able to recognize one themselves. Some warning signs in spear phishes:
What can you do to combat this? Here are some common-sense things you can do to protect yourself and your company:
No security system is perfect. But you should make it as difficult as possible for anyone to attack you and your organization.