How to Prevent Email Spear Phishing Attacks 

Hwei Oh

Phishing emails are often sent out en masse and target people indiscriminately. According to a recent Gone Phishing Report, 7% of users clicked a phishing email in 2022. Of those, 44% submitted credentials in a subsequent online form.

As high as those numbers are, spear phishing attacks, a highly targeted form of phishing, are markedly more successful. According to research by Barracuda, 11% of spear phishing email recipients click the links inside them.

Let’s dive into what spear phishing is, why it’s so effective, and what you can do to prevent becoming the victim of a spear phishing attack.

What is a spear phishing attack?

Spear phishing is a highly targeted form of phishing, often aimed at specific individuals in an organization. Spear phishing tries to be as legitimate and convincing as possible. The emails often include personal or company-specific information that may come from intensive prior research, such as scouring people’s social media accounts or investigating the person’s background and role in the company. 

These emails, as opposed to the cookie-cutter template emails used in broad-scale phishing emails, are crafted with detail and tailored to the target. And they’re often successful.

In 2022, spear phishing attacks accounted for only 0.1% of email-based attacks, yet they were the source of two-thirds of all data breaches.

Real-World Spear Phishing Attacks

In 2021, attackers impersonated USAID in a spear phishing campaign that reached roughly 3,000 email accounts, with links designed to install malicious software on the recipients' machines. The messages were convincing enough to get past many spam filters.

One of the most notorious spear phishing attacks involved a scammer who incorporated a company in order to impersonate a legitimate supplier to Google and Facebook, then sent fraudulent invoices to targeted employees at both companies. Those employees paid out $100 million worth of invoices over two years before authorities finally caught him.

If tech giants can become victims of spear phishing, it’s essential for ALL businesses to implement the basics to avoid becoming victims as well.

How to prevent spear phishing attacks

Preventing spear phishing requires a combination of employee training, cybersecurity tools, and company policy. 

Education and company policies

Training employees to recognize spear phishing emails involves more than traditional phishing awareness training.

For spear phishing, employees should be aware of:

  • Social engineering tactics: Spear phishing emails are built around a “personal touch,” such as a colleague’s name, a current project, or a real supplier. Employees should treat that familiarity as the lure it is, not as evidence that the message is legitimate.
  • Verification by additional channels: Any request to make a payment, change bank details, or share credentials should be confirmed through a second channel, for example a phone call to a number already on file, never to a number or link supplied in the email itself.
  • Compromised accounts: Spear phishing can be sent from legitimate accounts that have been taken over, so a recognized sender address is not proof that the message is genuine.
  • Spotting subtle clues: Train employees to notice anomalies in tone, language, timing, or urgency that might indicate a compromised account.

Additionally, consider implementing a company policy to limit public sharing of key email addresses. 

Principle of least privilege

IT teams should give users the minimum access their role requires and, when in doubt, err on the side of too few privileges rather than too many. If a spear phishing attack does compromise an account, least privilege limits how far the attacker can get from it before reaching sensitive assets.

Similarly, any payment software should require a separate approver and additional checks for new recipients, changed bank details, or payments above a set threshold.

Account security

Spear phishing often seeks credentials or a way into an organization, so preventing account compromise is essential.

Adding multi-factor authentication (MFA) to accounts makes stolen credentials far less useful on their own. Where possible, prefer phishing-resistant methods such as FIDO2/WebAuthn security keys: one-time codes and push approvals can be relayed in real time by an attacker’s proxy login page, whereas a security key is bound to the genuine site’s origin and will not authenticate to a lookalike.

Spear phishers also use leaked credentials and compromised legitimate mailboxes as part of their attacks. Data breach monitoring tools help prevent that initial compromise: they scan and monitor online sources such as paste sites, criminal forums, and published breach dumps for leaked company data, including email address and password combinations. When a match turns up, that password needs to be changed immediately, along with any other accounts that share it. This is an additional line of defense you can provide to your employees that makes it much harder for cybercriminals to carry out a successful spear phishing attack.

Password managers also help ensure that employees aren’t reusing one password across services. They bring a second benefit against lookalike domains: a manager only autofills credentials on the domain they were saved for, so a login page on a lookalike domain gets nothing, which is itself a useful warning sign for the user.
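The two checks described above, breach monitoring of credentials and finding other accounts that share a leaked password, can be done without the password ever leaving the client. The following is an added example, not SolCyber's code nor a vendor's product: it implements the k-anonymity range query used by Have I Been Pwned's Pwned Passwords API, where only the first five hex characters of SHA-1(password) are sent and the returned suffix list is matched locally. The breach corpus, the account list, and the `fake_range_lookup()` stand-in for the network call are constructed for illustration; a real deployment would replace that function with an HTTPS GET of `https://api.pwnedpasswords.com/range/<prefix>`, which returns lines in the same `SUFFIX:COUNT` format.

```python
"""Check credentials against a breach corpus without sending the secret anywhere.

Added example (not SolCyber's code). Uses the k-anonymity range query
popularised by Have I Been Pwned's Pwned Passwords API: only the first five
hex characters of SHA-1(password) leave the client. The corpus below is
constructed; swap fake_range_lookup() for a real HTTPS GET in production.
"""
import hashlib
from collections import defaultdict


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breach corpus: password -> how many times it appeared in leaks.
LEAKED_SAMPLE = {"password": 3_861_493, "letmein": 1_212_000, "Winter2022!": 17}


def _build_ranges(corpus: dict) -> dict:
    """Index the corpus the way the range API serves it: 5-char prefix -> suffix lines."""
    ranges = defaultdict(list)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        ranges[digest[:5]].append(f"{digest[5:]}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in ranges.items()}


FAKE_RANGES = _build_ranges(LEAKED_SAMPLE)
QUERIES_SENT = []  # records what would leave the client: only 5-char prefixes


def fake_range_lookup(prefix: str) -> str:
    """Stand-in for the network call (assumption); same response format as the real API."""
    QUERIES_SENT.append(prefix)
    return FAKE_RANGES.get(prefix, "")


def breach_count(password: str, range_lookup=fake_range_lookup) -> int:
    """Return how often the password appears in the corpus, 0 if never."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        seen_suffix, _, count = line.strip().partition(":")
        if seen_suffix.upper() == suffix:
            return int(count)
    return 0


def reused_passwords(accounts: dict) -> list:
    """Group account names that share a password (compared by hash, never stored in clear)."""
    by_hash = defaultdict(list)
    for account, pw in accounts.items():
        by_hash[sha1_hex(pw)].append(account)
    return sorted(sorted(group) for group in by_hash.values() if len(group) > 1)


def accounts_to_reset(accounts: dict) -> list:
    """Accounts whose password is known-leaked, plus every other account sharing it."""
    groups = reused_passwords(accounts)
    flagged = set()
    for account, pw in accounts.items():
        if breach_count(pw) > 0:
            flagged.add(account)
            flagged.update(next((g for g in groups if account in g), []))
    return sorted(flagged)


if __name__ == "__main__":
    # Constructed employee account list for the demo.
    demo = {"vpn": "Winter2022!", "mail": "Winter2022!", "crm": "T9!x-unique-7"}
    print("reset these accounts:", accounts_to_reset(demo))
    print("prefixes sent:", QUERIES_SENT)
```

Note that `QUERIES_SENT` only ever contains five-character prefixes; that is the whole point of the scheme, since the server learns at most that one of several hundred candidate hashes was of interest.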

Email authentication

DMARC, SPF, and DKIM are complementary email authentication methods that together verify sender authenticity and prevent email spoofing (impersonation of your domain). SPF lets a domain publish which servers are allowed to send mail on its behalf; DKIM adds a cryptographic signature to each message that receivers verify against a public key in DNS; and DMARC ties both checks to the visible From: domain, tells receivers what to do with mail that fails (none, quarantine, or reject), and sends the domain owner reports on what it sees.

Spear phishers often spoof addresses outright or use “lookalike” addresses on a different, similar domain. Enforcing these methods (SPF with a hard fail, DKIM signing on all outbound mail, and a DMARC policy of quarantine or reject rather than none) lets receiving systems drop mail that claims to come from your domain but was not sent by your authorized servers. Be clear about the limit, though: a lookalike domain that the attacker registers and configures correctly passes all three checks, because it is authentic mail for that domain. Lookalikes have to be caught by the human verification steps above and by filtering rules that flag domains resembling your own and your key suppliers’.

To learn more about these methods, you can check out our phishing email article.
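To make the distinction concrete, here is an added example (not SolCyber's code and not part of the original article) that triages an inbound message in two steps: it reads the SPF/DKIM/DMARC verdicts that the receiving mail server has already recorded in the Authentication-Results header (RFC 8601), and separately compares the sender's domain against a list of trusted domains to catch lookalikes that authentication alone would pass. The trusted-domain list, the small homoglyph table, and the three sample messages are constructed for illustration.

```python
"""Triage an inbound message for exact-domain spoofing and lookalike senders.

Added example (not SolCyber's code). Assumes the receiving MTA has already
evaluated SPF, DKIM and DMARC and written the verdicts into an
Authentication-Results header (RFC 8601). Trusted domains, the homoglyph
table and the sample messages below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Domains whose mail we expect to see (assumption: your own and key suppliers).
TRUSTED_DOMAINS = ("example-corp.com", "supplier-example.net")

# Substitutions attackers use to build lookalike domains (small, illustrative table).
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# Matches "spf=pass", "dkim=fail", "dmarc=none", ... as written in Authentication-Results.
AUTH_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|softfail|none|neutral|temperror|permerror)\b", re.I
)


def normalize(domain: str) -> str:
    """Fold common homoglyph swaps so 'exarnple-c0rp.com' compares as 'example-corp.com'."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches one- or two-character lookalikes (dropped or swapped letters)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def auth_results(msg) -> dict:
    """Collect the spf/dkim/dmarc verdicts from every Authentication-Results header."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(header):
            results[method.lower()] = verdict.lower()
    return results


def sender_domain(msg) -> str:
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def triage(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    domain = sender_domain(msg)
    auth = auth_results(msg)
    findings = []
    if domain in TRUSTED_DOMAINS:
        # Exact-domain spoofing is what SPF/DKIM/DMARC are built to catch.
        if auth.get("dmarc") != "pass":
            findings.append(f"claims to be {domain} but DMARC did not pass: likely spoofed")
    else:
        # A registered lookalike passes authentication for *its own* domain,
        # so it must be caught by comparing it with the domains you trust.
        norm = normalize(domain)
        for trusted in TRUSTED_DOMAINS:
            if norm == normalize(trusted) or levenshtein(norm, normalize(trusted)) <= 2:
                findings.append(f"lookalike of {trusted}")
    return {"domain": domain, "auth": auth, "findings": findings}


# Constructed sample messages (headers trimmed to what the checks need).
SAMPLES = {
    "spoofed_exact_domain": (
        "From: CFO <cfo@example-corp.com>\r\n"
        "Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=example-corp.com;"
        " dkim=none; dmarc=fail header.from=example-corp.com\r\n"
        "Subject: Urgent wire before close of business\r\n\r\nPlease process today.\r\n"
    ),
    "lookalike_domain": (
        "From: CFO <cfo@examp1e-corp.com>\r\n"
        "Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=examp1e-corp.com;"
        " dkim=pass header.d=examp1e-corp.com; dmarc=pass header.from=examp1e-corp.com\r\n"
        "Subject: Updated bank details for invoice 4471\r\n\r\nSee attached.\r\n"
    ),
    "legitimate": (
        "From: CFO <cfo@example-corp.com>\r\n"
        "Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com;"
        " dkim=pass header.d=example-corp.com; dmarc=pass header.from=example-corp.com\r\n"
        "Subject: Q3 budget review\r\n\r\nAgenda attached.\r\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The second sample is the case to notice: every authentication verdict is `pass`, because `examp1e-corp.com` really did send that mail, and only the lookalike comparison flags it. In production the trusted list would include your suppliers' real domains and the homoglyph table would be far larger (IDN confusables in particular), but the split between "authentic for its domain" and "the domain we expect" stays the same.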

How a managed security program provider can help

The highly targeted and sophisticated nature of spear phishing attacks means that prevention alone can only go so far. Businesses should work with partners that provide detection and response capabilities to minimize the damage of a spear phishing attack that does get through.

If you’ve worked out a response plan in coordination with a good managed security program provider, you are far more likely to recover quickly and avoid the financial and reputational consequences these attacks often cause.

To learn more about how SolCyber’s managed security program can help you improve your protection and recovery against spear phishing, contact us for more information.
