White Paper: Spear-Phishing Attacks
Some of the most notorious cyber crimes in recent history — such as the attacks on major banks, media companies and even security firms — started with just one person clicking on a spear-phishing email.
Spear phishing is on the rise because it works. Traditional security defenses simply do not detect and stop it. From a cyber criminal’s point of view, spear phishing is the perfect vehicle for a broad array of damaging exploits. For example, threat actors are increasingly targeting executives and other high-level employees, tricking them into activating malware that gives criminals access into their companies’ environments. This might be ransomware that encrypts company data, then extorts fees from the victim to remediate the situation. Other malware includes banking and point-of-sale reconnaissance Trojans that target businesses in the retail and hospitality industries. The targeted executives are usually key leaders with titles such as chief financial officer, head of finance, senior vice president and director. Spear phishing emails are created with enough detail to fool even experienced security professionals.