By now you probably know how phishing emails work, if not you can read about it here.
However, do you know the difference between spear-phishing and a phishing attack? I will try to explain it in a few sentences.
As you know, a phishing attack is commonly conducted through mass emails sent to a bunch of users with the intent that somebody will click a link or open an attachment. The final objective is to leak a set of credentials from the end-user.
What is a Spear-Phishing Attack?
However, the spear-phishing attack, which uses the same delivery method, is slightly different. This type of attack target a specific user, such as a CEO or a senior manager. Therefore, the content of the email will be specifically crafted for the target. This means, if you are a Port Adelaide fan, the phishing email may contain content related to this topic with the likelihood that you open it, click on links and open attachments.
This was a recent spear-phishing attack where Australia’s top universities stemmed from a single email that was only previewed.
After some investigation, it was found that the attacker was inside the University’s network for 6 weeks, from November of last year. However, the university did not discover the intrusion until May of this year.
How did this happen?
Any image in an email that is linked to a location on the Internet will be retrieved when you open the email in order to display the content. You can disable this feature depending on the application you are using to read emails. In this scenario, the end-user unknowingly downloaded malicious code to the computer. A door was then opened to the university network from there.
In order to minimize the likelihood of this happening to you, please pay attention to any unsolicited emails and be careful when clicking links and opening attachments. Keep all your systems updated, including your operating system and applications.
And as always, be safe out there until the next Malware Monday.
Your protection is top of mind. Contact us today and find out how our team can help you cyber secure your business and personal data.
