<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1018517621595528&amp;ev=PageView&amp;noscript=1">
Stats & Trends
Jonathan Crowe
Feb 2016

Barks & Bytes 2.25.16: What Are Spear Phishing Attacks?

Photo by Source

Your weekly roundup of the latest infosec news and resources, including a breakdown of what spear phishing attacks are and how to spot them.

Spear_Phishing_Attacks_Explained.jpg

SPOTLIGHT ON: SPEAR PHISHING 

We all know we should be wary of emails from unfamiliar sources, especially ones with unusual requests or links to offers that seem too good to be true. But what many may not realize is just how good criminals have gotten at crafting seemingly legitimate messages that can even appear to come from people we know and trust. 

This type of targeted attack is called spear phishing, and according to researchers, it's a technique that's responsible for instigating the majority of hacking attacks

What do spear phishing emails look like? How much damage can they cause and what can organizations and their users do to avoid them?

QUICK STATS

85% of organizations surveyed reported being the victim of a phishing attack in 2015

67% reported experiencing spear phishing

Source: Wombat 2016 State of the Phish Report

RECENT EXAMPLES OF SPEAR PHISHING ATTACKS

Was Spear Phishing and "Locky" Ransomware Behind the Hollywood Presbyterian Medical Center Attack?

While the specific cause and strain of ransomware used in the attack is still unconfirmed, researchers believe a targeted email with a malicious Word document attachment may have been responsible for shutting down the hospital's network and costing it $17,000 in ransom. — Invincea

Phishers Spoof CEO, Request W-2 Forms

With tax filing season well underway, scammers have a new trick up their sleeves — spoofing emails from a target organization's CEO and asking human resources and accounting departments for employee W-2 information. — Krebs on Security 

What a Spear Phishing Email Looks Like

Today's phishing messages can look incredibly legitimate. Case in point, this email our CEO received that was purportedly from our lawyer. Here's how he discovered it was bogus. — Barkly

10 Tell-Tale Signs of a Phishing Email

Having the proper endpoint protection installed will give your users a critical safety net, but teaching them how to spot a phishing or spear phishing email in the first place should be a top priority. — TechRepublic

MORE INFOSEC NEWS & RESOURCES

mousejacking.jpg

Countless Computers Vulnerable to MouseJack Attack via Wireless Mice and Keyboards

Weaknesses in wireless mice and keyboards are making them vulnerable to "MouseJacking." Hackers have been able to take control from up to 100 yards away. — CSO 

Airport WiFi Experiment Reveals Reckless Behavior Among Smartphone Users

Researchers reveal just how risky users are willing to be when it comes to connecting to public WiFi hotspots on the go . — Tripwire 

TeslaCrypt Posing as USPS in Ransomware Campaign

Attackers are targeting users with emails that have USPS colors and graphics, including an attachment masquerading as a failed delivery attempt receipt. — InfoSecurity

Microsoft Silverlight Exploit Spotted in Angler Kit

A dangerous exploit for a Silverlight vulnerability has been discovered in the popular Angler exploit kit used to compromise computer systems. — ZDNet

Anatomy of an Account Takeover

How organized crime rings are amassing bot armies for password-cracking attacks on personal accounts in retail, financial, gaming, and other consumer-facing services. — Dark Reading

 

Photos by anoldent and Patryk Dziejma

Jonathan Crowe

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical point of view.

blocks-attack-grey-circle.svg

Close the gaps in your security

See how Barkly’s Runtime Malware Defense blocks attacks other solutions miss.

See a demo

Comments

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.