“Phishing”, “spear phishing”, and “spoofing” are all techniques used by unscrupulous people to break into systems or install malicious software. Phishing emails are typically made to look as though they were sent by a known contact or organization, using email spoofing. Email spoofing is the root of all spear phishing and email phishing campaigns: the attackers impersonate someone else by using their own servers to make an email appear to come from a legitimate contact. These emails typically contain malicious links or attachments that install malware on the target’s device, or direct the target to a malicious website set up to trick the user into giving up sensitive information such as passwords, account details, or credit card numbers.
Because email security measures have been adopted slowly, email spoofing is not something the organization being spoofed can stop on its own. Email spoofing is possible because the Simple Mail Transfer Protocol (SMTP) does not provide a mechanism for authenticating the sender address. Several email address authentication protocols and mechanisms have been specified to combat spoofing, but unless both the sending side and the receiving side have the tools to check emails against these protocols and mechanisms, spoofed emails will not be stopped.
Spear phishing has the same goal as standard phishing, but the attacker first gathers information about the intended target. This information is then used to personalize the spear phisher’s email. Instead of sending phishing emails to a large group of people, the attacker targets a select group or a single individual. Limiting the targets makes it easier to include personal details such as the target’s first name or job title, which makes the malicious emails seem more trustworthy.
While phishing and spear phishing attacks are similar, there are several key differences to be aware of. A phishing campaign is very broad and automated: the attackers send the same email to hundreds or thousands of recipients. It does not take much skill to execute a massive phishing campaign. Most phishing attempts are after information such as credit card data, usernames and passwords, and the like, and are usually a one-time attack.
Spear phishing, on the other hand, is highly targeted, going after a specific employee, company, or a contact list obtained from a prior phishing email. With this approach the attacker is more hands-on, building emails that are sent to the compromised contact list. Spear phishers are after more valuable data, such as confidential information and business secrets. Therefore a more targeted approach is required: they find out who has the information they seek and go after that particular person. A spear phishing email is really just the beginning of the attack, as the attackers then attempt to gain access to the larger network. Spear phishing attacks are often harder to detect than regular phishing attacks precisely because they are so focused; the organization or employee under attack will have a harder time determining that an email is not legitimate.
Implementing an enterprise-grade email spam filter can help by scanning emails for the indicators described above and stopping them before they enter the organization. For the emails that do get through, security-awareness training for employees and executives alike is necessary to teach them what to look for and how to judge whether an email is legitimate. This training typically educates users on how to spot phishing emails based on suspicious sender domains, the links enclosed in a message, the wording of the message, and the kind of information the email requests.
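The following is an added illustration, not code from the original article or from any vendor's filter: a small Python scan that applies the cues just described (a sender domain that is not the expected one, Reply-To or Return-Path domains that differ from the From domain, and a link whose visible text names a different host than its real target) to a constructed sample message. The message, the domain names and the heuristics are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real phishing email): a lookalike sender domain,
# mismatched Reply-To/Return-Path headers, and a link whose text hides its
# real target are the kinds of cues a filter or a trained user looks for.
SAMPLE = """\
Return-Path: <bounce@mail-relay.example.net>
From: "Jane Doe (Acme Payroll)" <jane.doe@acme-payrol.example>
Reply-To: <payroll-desk@webmail.example.org>
To: <bob@acme.example>
Subject: Updated direct deposit form
Content-Type: text/html

<p>Hi Bob, please confirm your details at
<a href="http://login.webmail.example.org/acme">https://hr.acme.example/deposit</a>
before Friday.</p>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr: str) -> str:
    """Lowercase domain part of a header address, '' if none is present."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def url_host(text: str) -> str:
    """Hostname of a URL-looking string, '' if it is not a URL."""
    return (urlparse(text.strip()).hostname or "").lower()

def spoof_indicators(raw: str, expected_domain: str) -> list[str]:
    """Return human-readable spoofing/phishing indicators found in the message."""
    msg = message_from_string(raw)
    found = []
    from_dom = domain_of(msg.get("From", ""))
    if from_dom and from_dom != expected_domain:
        found.append(f"From domain {from_dom!r} is not the expected {expected_domain!r}")
    for hdr in ("Reply-To", "Return-Path"):  # mismatches here are common in spoofed mail
        dom = domain_of(msg.get(hdr, ""))
        if dom and dom != from_dom:
            found.append(f"{hdr} domain {dom!r} differs from From domain {from_dom!r}")
    body = msg.get_payload(decode=True).decode(errors="replace")
    for href, text in ANCHOR_RE.findall(body):  # link text vs. actual href host
        shown = url_host(re.sub(r"<[^>]+>", "", text))
        if shown and shown != url_host(href):
            found.append(f"link text shows {shown!r} but href targets {url_host(href)!r}")
    return found
```

Running `spoof_indicators(SAMPLE, "acme.example")` reports four indicators for the sample; a plain internal message with matching headers and no deceptive links reports none.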
The key to battling phishing, spear phishing, and spoofing attacks is combining an enterprise-grade spam filter with ongoing end-user education about what to look for in all email communication.