Cyber crime has become part of today’s cyberspace culture, and it is a steadily growing threat. Trusteer, a Boston-based computer security company, recently published a report titled “Measuring the Effectiveness of In-the-Wild Phishing Attacks”. Based on its calculations, Trusteer concluded that the loss for every successfully compromised online banking account is approximately $2,000, which is equivalent to $9.4M per year per one million customers. These numbers specifically address the financial damage caused by the computer-based crime methodology known as “Spear Phishing”.
This cyber crime is a security threat that affects not only businesses but also everyone who has access to the World Wide Web, whether via computer, laptop, smart phone or notepad. To achieve a successful breach, criminal masterminds often attempt to gain illegal access to a business through multiple targets, combining vulnerability tools with web access, e-mail, and even social engineering. In the recent breach of the retail store Target Inc., it was discovered that the credit cards and personal information of over 110 million consumers were exposed to attackers. Several months earlier, malware-laced phishing e-mails were sent to Target employees via an HVAC firm, which could have been the culprit that infected Target’s point-of-sale systems. According to Fox Business, the attackers used the information they gathered to gain access to additional network resources, which led to the $200M breach and left the cyber door wide open to future infiltration.
Rest assured that there are many other cyber crime attack methods that can be employed, but this paper will specifically address the different methods and reasons behind spear phishing, what can be attributed to its success, and what to do in order to prevent this type of attack.
Spear Phishing Definition
The Federal Bureau of Investigation (FBI) and the Anti-Phishing Working Group (APWG) use the sport of angling as an analogy to describe and explain phishing. It is a technique that scamming cyber criminals and cyber con artists use to fraudulently and deceitfully obtain user information through “spoofed” (hoax) e-mail spam that appears to come from a legitimate originator or website. The e-mail lures victims to fraudulent websites, where the criminals fish for information from the sea of probed users.
Following this analogy, spear phishing is an intentional criminal act designed to phish out a specific group or pre-identified target whose members may have something in common (e.g. working in a specific company or banking with the same institution). It deceives the recipients by gaining their trust, leading them to believe that these legitimate-looking e-mails are coming from a reliable source. Once this is achieved, the user unknowingly opens the e-mails and is then redirected to a counterfeit website. This is where the user eventually is hooked and conned...