March 20, 2019

How to spot spear phishing and protect your business from costly attacks

By Luke Christou

Gone are the days of mass spam emails designed to trick unaware internet users into infecting their devices with harmful software. Cybercriminals are increasingly using highly-personalised email attacks designed to trick specific targets into handing over sensitive information.

Cybercriminals will typically try to impersonate a reputable brand, spoof sender details so it appears to be from a legitimate sender, or claim to possess sensitive information belonging to the account owner.

Known as spear fishing, these malicious emails often go unnoticed by email security systems. The attacker use various techniques, such as sending emails through reputable services such as Gmail, or avoiding the use of attachments, to evade detection.

“Spear phishing attacks are designed to evade traditional email security solutions, and the threat is constantly evolving as attackers find new ways to avoid detection and trick users,” said Asaf Cidon, Vice President of Content Security at Barracuda Networks.

Previous studies have estimated the cost of spear phishing incidents at $1.6m on average, so how can businesses recognise and protect against these malicious emails?

How to spot a spear phishing attempt

Cloud-enabled security solution provider Barracuda recently published its Spear Phishing: Top Threats and Trends report. Researchers analysed more than 360,000 spear phishing attempts to identify the methods currently being used to dupe business professionals into handing over sensitive information.

The company found that brand impersonation was by far the most common method used, with 83% of attacks launched attempting to impersonate commonly-used businesses and applications. By impersonating businesses that the target frequently engages with, they are less likely to be suspicious of an email received from that company.

Microsoft, who hold a 75% share of the computer operating system market, was the most commonly impersonated business. Microsoft was used in 32% of spear phishing attempts analysed, followed by smartphone manufacturer Apple with 21%.

Financial services and delivery companies were also frequently used. Chase, UPS, American Express, Bank of America and FedEx were all in the top 10. Close to 20% of all attacks involved the impersonation of a financial institution.

Possibly highlighting the sophistication of these email campaigns, cybercriminals appear to have refined their spear phishing attempts to target businesses. Emails sent peaked during mid-week between Tuesday and Thursday, but fell drastically over the weekends. Just 10% of the emails analysed were sent on a Saturday or Sunday.

Sextortion over business email compromise

Aside from impersonation businesses, cybercriminals are increasingly attempting to impersonate individuals within the target’s organisation. Known as business email compromise attacks, these personalised attempts typically involve asking executives or those in the finance department to facilitate payments.

Last year threat detection company Agari warned of a criminal organisation, named London Blue, in possession of a list containing the details of 50,000 top business professionals. The cybercriminal organisation was sending emails that appeared to be from the CEO to the company’s Chief Financial Officer.

While these attacks made up just 6% of those analysed by Barracuda, successful business email compromise attempts have reportedly cost businesses $12.5bn since 2013 according to the FBI.

Despite business email compromise proving to be lucrative method, employees are still twice as likely, if not more, to be targeted by sextortion attempts. Barracuda notes that the frequency of sextortion scams are often underreported as recipients fear embarrassment or exposure.

The cybercriminal will claim to have a compromising video recorded through the account owner’s webcam and will threaten to release it unless a ransom is paid.

While details vary, these emails typically follow the same script. Yet, Barracuda found that these attempts are becoming more sophisticated. Spoofing techniques are often used to give the impression that the email has been sent from the victim’s own email address.

Attackers have also started to include information that was exposed during previous data leaks, such as passwords, to give the impression that they have genuinely compromised the victim’s system.

Barracuda found that 54% of sextortion subject lines will typically contain some kind of security alert, such as “[email address] is under attack” or “cybercriminals know your password [password]”.

How to protect yourself against spear phishing campaigns

When you know what to look out for, detecting a spear phishing attempt becomes significantly easier. However, technology can also help to keep businesses from falling victim to these scams.

“Staying ahead of these types of attacks requires the right combination of technology and user training, so it’s critical to have a solution in place that detects and protects against spear-phishing attacks, including business email compromise, brand impersonation, and sextortion,” Cidon said.

To deal with particularly costly business email compromise threats, artificial intelligence technology can be used to analyse emails within an organisation and detect anomalies in communication. AI can also be used to detect when an account has been taken over by malicious actors before this can be used to cause damage to the organisation.

However, protection doesn’t have to be costly. Simple tools such as multi-factor authentication or simply training staff to spot and respond to email threats can offer a valuable line of defence against cybercriminals.

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: