Spear-phishing is the most prevalent delivery method for advanced persistent threat (APT) attacks. Today’s cyber criminals launch APT attacks with sophisticated malware and sustained, multi-vector and multi-stage campaigns to achieve a particular objective. In a typical spear-phishing attack, a specially crafted email is sent to specific individuals from a target organization. “APT campaigns frequently make use of spear-phishing tactics because they are essential to get high-ranking targets to open phishing emails,” the TrendLabs APT Research Team noted in the Trend Micro white paper.
Spear-phishing may be defined as highly targeted phishing aimed at specific individuals or groups within an organization. Spear-phishing makes use of information about a target to make attacks more specific and personal to the target. Spear-phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data.
- 91% of targeted attacks involve spear-phishing emails.
- 84% of organizations said a spear-phishing attack successfully penetrated their organization in 2015.
- Spear-phishing uses a blend of email spoofing, dynamic URLs and drive-by downloads to bypass traditional defenses.
- According to Trend Micro, a typical spear-phishing attack includes an email containing information specific to the target, plus an attachment.
- Trend Micro reported that spear-phishing tactics have become a favorite for targeted attacks because victims are more often duped into opening these types of emails.
- 94% of targeted emails use malicious file attachments.
- 70% of attachments include files such as .doc, .docx, .xls, .xlsx and .pdf.
- Social networking sites allow attackers to harvest relevant information to use in attacks.
- Over half of spear-phishing email recipients' addresses are available via simple internet searches.
Visit our Phishing Facts and Spear-Phishing Facts pages for useful information on the threat of phishing and spear-phishing and on how to prevent both.