On 24 May 2023 Barracuda Networks published a report highlighting how lucrative spear phishing is for cybercriminals. These attacks make up just 0.1% of all email-based attacks but are responsible for two-thirds of all breaches.
But what is spear phishing? And how can you protect yourself from these attacks?
What is spear phishing?
Spear phishing is personal – it is a type of cyber-attack that targets a specific individual or organisation. The attacker will often do research on the target to learn about their interests, job title, and other personal information, often by looking at their social media, company websites, or public databases. They then use this information to craft a phishing email that appears to be from a legitimate source, such as a co-worker, a government agency, or a financial institution. Unlike regular phishing attacks that cast a wide net, spear phishing attacks are more sophisticated and attempt to deceive the target by using information that appears legitimate and relevant to them.
The email will often contain urgent requests, or a malicious link or attachment that, when clicked, will install malware on the victim’s computer. Once the malware is installed, the attacker can steal sensitive information, such as passwords, credit card numbers, or Social Security numbers.
Spear phishing attacks are more likely to be successful than traditional phishing attacks because they are targeted at specific individuals – they are personalised. The attacker has taken the time to learn about the target and craft a message that is likely to fool them. As a result, spear phishing attacks are a serious threat to businesses and individuals.
How do I protect myself from spear phishing?
- Be suspicious of any email that asks for personal information, such as passwords, credit card numbers, or Social Security numbers.
- Don’t click on links or open attachments in emails from senders you don’t know.
- Double check the email address of the sender.
- Keep your software up to date, including your operating system, web browser, and email client.
- Use a firewall and antivirus software.
- Have a spam filter installed.
- Be careful about what information you share online.
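The "double check the email address of the sender" step can be partly automated. The Python sketch below is an added example, not part of the original article: it flags a sender domain that closely resembles a trusted one, a display name that shows a different address from the real one, and a Reply-To that points elsewhere. The trusted domain, the similarity threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your organisation really sends mail from.
TRUSTED_DOMAINS = {"corp.example"}

# Constructed sample messages (reserved .example/.test domains).
SAMPLE_SPOOF = (
    'From: "Jane Doe <jane.doe@corp.example>" <jane.doe@c0rp.example>\n'
    "Reply-To: accounts@mail.test\n"
    "Subject: Urgent: invoice overdue\n\nPlease pay today.\n"
)
SAMPLE_LEGIT = "From: Jane Doe <jane.doe@corp.example>\nSubject: Minutes\n\nAttached.\n"

def domain_of(address):
    """Lower-cased domain part of an email address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def lookalike_of(domain, threshold=0.8):
    """Return the trusted domain that `domain` closely resembles, else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        # Heuristic string similarity; the 0.8 threshold is an assumption.
        if SequenceMatcher(None, domain, trusted).ratio() >= threshold:
            return trusted
    return None

def sender_warnings(raw_message):
    """Return the reasons to distrust the sender of a raw email message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    if not from_domain:
        return ["From header has no usable address"]
    warnings = []
    imitated = lookalike_of(from_domain)
    if imitated:
        warnings.append(f"{from_domain} imitates {imitated}")
    # An address typed into the display name can hide the real sender.
    shown = re.search(r"[\w.+-]+@([\w.-]+\w)", display)
    if shown and shown.group(1).lower() != from_domain:
        warnings.append(f"name shows {shown.group(1)}, mail is from {from_domain}")
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"replies go to {reply_domain}, not {from_domain}")
    return warnings
```

Calling `sender_warnings(SAMPLE_SPOOF)` returns three warnings, while `sender_warnings(SAMPLE_LEGIT)` returns an empty list. An empty list only means these three checks passed, not that the message is safe.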
If you are at all concerned that you may have fallen foul of a spear phishing attack you need to inform your IT department, or your IT support company, as soon as you possibly can.