How Spear Phishing Email Is Becoming a Growing Threat

eWEEK DATA POINTS: Targeted phishing emails, commonly referred to as spear phishing, are a real risk for most organizations, as attackers use different techniques to lure victims.

Barrcuda Spear Phishing

Email security is top of mind for many organizations, with one of the primary threats coming from a type of attack known as spear phishing.

Phishing is a well-understood type of email threat where attackers send unsolicited email with some kind of hook to attract and trick a victim into clicking a link that can lead to a malware infection. While phishing in general is not targeted but instead is a broad-based attack, spear phishing is a very targeted attack, with attackers aiming the lure at specific individuals within organizations.

A new Barracuda Networks report released March 19, based on an evaluation of more than 360,000 spear phishing emails analyzed over a three-month period, provides new insight into how the attack works. In this eWEEK Data Points article, we look at some of the key findings and recommendations from the report.

Data Point No. 1: Sextortion blackmail scams are growing

In a sextortion scam, an attacker attempts to trick a spear phishing target with the threat of some kind of knowledge about potentially inappropriate behavior.

"A few months ago, this type of attack didn't even exist, and now it is one of the most popular techniques, accounting for one in 10 of all spear-phishing emails," Asaf Cidon, vice president of content security at Barracuda, told eWEEK. "The rapid increase indicates that this method is highly successful; otherwise, the attackers wouldn't be spending so much time on it."

Data Point No. 2: Tuesday is the most popular day

  • While spam and general phishing attacks can and do occur any day of the week, attackers in spear phishing campaigns generally focus on business users during the workweek. 
  • Barracuda found that peak spear phishing activity occurs Tuesday through Thursday, with Tuesday being the busiest day, accounting for 20 percent of all spear phishing email deliveries.

Data Point No. 3: Brand impersonation emails bypass traditional email security

  • Eighty-three percent of spear phishing emails impersonated a well-known brand, with 20 percent impersonating a financial institution.
  • According to Barracuda, the brand impersonation emails are able to bypass some traditional email security systems as they appear to originate from high-reputation senders. 

Data Point No. 4: Impersonating Microsoft is a common technique

  • The single most impersonated brand in spear phishing campaigns according to Barracuda is Microsoft, which accounted for 32 percent of emails. Not far behind is Apple at 21 percent.
  • By impersonating the well-known technology vendors, attackers aim to trick victims into giving up information and potentially enabling account takeover.

Data Point No. 5: "Request" is the top Business Email Compromise subject line

  • Business Email Compromise (BEC) is a form of spear phishing where an attacker attempts to trick a victim into paying a fraudulent invoice.
  • Barracuda found that the top subject line used in BEC spear phishing emails included the word "request," which was in 36 percent of BEC email subject lines. The second most popular was "follow up" at 14 percent and then "Urgent/important" at 12 percent.

Data Point No. 6: Limiting the risk from spear phishing involves multiple technologies

There is no one technology approach that effectively blocks all types of spear phishing attacks.  

Rather than simply relying on traditional reputation-based approaches for email security, Barracuda recommends organizations consider the use of account-takeover protection, DMARC (Domain-based Message Authentication, Report and Conformance) authentication and awareness training.

Data Point No. 7: New attacks are coming

Given the success of spear phishing attacks, it's likely that over the course of 2019 and beyond email attack vectors will change in different and unknown ways.

"It is very hard to anticipate, since attackers are always looking for creative ways to bypass security systems," Cidon said. "I can definitely anticipate that we will see new types of unanticipated attacks."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.