Social media and the rise of spear phishing


Spear phishing is a form of phishing attack. But unlike most phishing emails that go out to hundreds or thousands of potential targets at the same time, spear phishing is highly targeted – leveraging very specific information about individuals or organisations to personalise the attack and make it more effective. 

How does spear phishing work?

The personalised nature of spear phishing means that the details vary between attacks. But typically, it follows a step-by-step process that builds a bank of information and uses that to craft a targeted attack. 

  • The threat actor selects a target. This might be an individual or an organisation, and they’re chosen for a reason, such as their access to critical data or financial resources.
  • Research. The research phase is essential to a spear phishing attack. The attacker collects detailed information about the target through any available sources, including company websites, digital platforms, media publications, and social media.
  • Content creation. Backed by target research, the attacker crafts personalised content, which they’ll use to approach the target by email or phone. The message is often designed to look like it comes from a trusted source.
  • A call-to-action is developed. Within the initial contact email or message, there’s a call-to-action (CTA). This is a compelling reason for the target to take action – for example, click on a malicious link, respond with sensitive information, or open an attachment.
  • The target is exploited. If the campaign is well-designed and the target well-chosen, the target falls for the deception and the attacker gains access to the credentials or data they wanted.
  • Covering tracks. Attackers often work to remove all traces of the attack once they’ve begun exploiting the target’s resources – to prevent detection and sometimes to enable the exploitation to continue for long periods of time.

Spear phishing thrives on social media sharing

Whether they’re targeting an individual, or targeting an organisation via an individual employee, spear phishing attacks rely heavily on people who freely share personal and work information on social media platforms.

Attackers can access publicly available data that includes details about targets’ relationships, job roles, personal interests, and day-to-day activities. They also create fake profiles, populating them with posts and images so they look genuine, and using those profiles to build trust with the target.

And it’s that potential for building trust that really makes social media such a rich environment for spear phishing to thrive. It’s so effective that committed threat actors can launch long-term attacks: Evaldas Rimasauskas, for example, used the spear phishing strategy to gain access to tech company Quanta from 2013 to 2015.

The challenge of managing employee social media use

One of the major challenges organisations face in mitigating the risks of spear phishing on social media is that they have to respect employees’ freedom to express themselves online, and balance that with the security of the organisation.

Company social media policies can restrict the sharing of business information and encourage employees to separate their personal and work profiles, but more awareness is needed to understand the signs and risks of spear phishing.

Training to support individuals in understanding and identifying spear phishing tactics is essential. Some organisations run simulated spear phishing exercises on social media to test and improve employees’ ability to detect and report suspicious behaviour. Education around how to verify the authenticity of social media accounts and communications before engaging with them can help minimise the risk of employees sharing information with malicious actors.

Ultimately, organisations have to tread the line between effective security and overstepping into employees’ personal lives. But as spear phishing continues to become more prevalent, it’s a necessary boundary to explore.

Discover the latest research into social engineering cybersecurity attacks at MEA 2024.
