DEV Community

Cover image for Go Phish! - Spear Phishing From An Attacker's Point Of View
Milecia
Milecia

Posted on

Go Phish! - Spear Phishing From An Attacker's Point Of View

Millions of dollars are lost every month to phishing attacks. These aren't the same spammy emails that claim a prince is going to send you money. We're in an advanced era with these attacks. Now you get messages from your boss or your mom. Scammers have learned how to get our guard down and the main way to prevent falling for an attack is knowing about them.

What is spear phishing

Spear phishing is more precise than regular phishing attacks. Instead of sending out an email with incredibly bad grammar to millions of people, spear phishing attacks focus on a specific group. Someone has taken the time to research the group of people or the person they are trying to target. They might have information like your email address, your best friend's name, and even your phone number.

They use this information to make specific messages that can trick you into believing it's from someone you know. An example of this could be getting a text from a number you don't know claiming it's your brother. They tell you they've had a blow out and need money to get to the mechanic and tell you how to send it to them. That's how clever some of these spear phishing attacks can be.

A phishing attack won't use information this specific and a whaling attack typically targets high level executives in companies. Spear phishing is one of the hardest attacks to detect. It can help to know exactly what attackers are looking for so that you don't end up being the person who clicked the link in the bad email.

How most attacks work

Just like with other hacking attempts, they are trying to get sensitive information about you or the company you work for. Most spear phishing attacks target small groups of users. They're trying to get you to send them something you wouldn't normally send by making it seem like it's from your boss or someone and it's urgent. So it'll be something like a manager or executive asking you to transfer funds to a different account or they'll ask you to update their password or login info because they've gotten locked out.

The requests that they make are usually reasonable so if it comes from an email address or phone number that looks close to the right thing, you'll be more likely to respond. Attackers make these requests look similar to what the real person would say so you have to pay close attention to who is really asking you to do stuff. There are a few particular ways attackers get you to give them what they want.

How they get you and how to stop it

The main way they get you to do what they want is by sounding friendly and keeping the message short and urgent. There will still be the tale-tell issues with the spelling of common words in the email so you can always look out for that. Attackers have gotten smarter than that now so you can't rely on just bad grammar.

When you get an email from someone you know with an odd request, check the email address. Not just the name that shows up, but the actual email address. It shouldn't have any typos, like replacing an "o" with a zero and it should use the right domain name. You also need to check any links you've been asked to click. Don't assume that the link you see is the same as the actual link.

Always check that the link makes sense. It should go to a website you know and when you get to that website, check it too. Attackers do create fake websites to try and get information from you. You can usually tell when a website is fake because it looks like a shoddy version of the real one. The images are typically low resolution and colors and positions of elements are usually a little off. It just won't have the same polish as the real site.

Unfortunately, there's no way to completely block spear phishing attacks from getting inside your inbox. The main way to avoid a really bad attack is to educate people on what these attacks are and the signs of one. At the very least, they'll be more aware of what to look out for.

Nobody wants to be the person who clicked a link and gave a hacker remote access to the company's information, but with these new attacks, it could be you. Just keep doing your due diligence on unusual emails and make sure you report those emails! By letting everyone know that someone is trying to go phishing, you can help prevent the attackers from getting in.

It's crazy how many of these attacks I've seen in both my work and personal emails. They really are getting better at this. Have you seen any really convincing phishing attacks?


Don’t forget! I'm doing a live, free webinar on how to make a MERN stack application on July 21st! You'll learn how to get MongoDB up and running, how to connect the React front-end with an Express/Node back-end. It'll be a lot of fun and I promise you will definitely learn a lot. You can register for the webinar here Hope to see you there! πŸ™‚

Top comments (1)

Collapse
 
eli profile image
Eli Bierman

Great article! They really are getting much more sophisticated, and people at tech companies are big targets since they often have access to so much valuable data. I've even seen people getting phone calls impersonating the office administrator saying there's an urgent need to send some information to somebody. I guess that's spear phish phoning? I personally wonder how much of the spear phishing targeting tech companies is state-sponsored.