Spear-phishing is when an unwitting victim responds to a bogus email, which the victim believes is from a trusted sender, and reveals confidential information to the fraudsters.
Each time UCSD wired money to Raage's account, the suspect would promptly withdraw the money or transfer it to another account.
"Phishers are interested in stealing logins to SaaS sites because they yield financial data and also personnel data, which can be leveraged for spear-phishing," said Greg Aaron, APWG Senior Research Fellow.
These malicious firmware updates can be delivered via standard intrusion techniques, such as spear-phishing, or come pre-installed on a machine via attacks on the supply chain, making these threat vectors especially difficult to detect and mitigate.
Spear-phishing at scale: Targeted attacks have until now by their very nature been limited to a small number of users in an organisation.
DarkHydrus tends to use spear-phishing emails which lure victims to provide login details through an attached 'template' file hosted on remote servers controlled by the attackers.
Kaspersky warned that spear-phishing should be given a closer watch because of the huge implications of a data breach.
Due to the significant increase in spear-phishing attacks (where fraudulent emails appearing to be from a supervisor are sent to employees to cause them to reveal confidential information or provide bank account information), organizations should periodically test the cyber-awareness and susceptibility of their employees to cyberattacks via engaging certified ethical hackers who can conduct social engineering-based spear-phishing exercises.
According to Kaspersky Lab researchers, the malicious code spreads through infected USB devices and spear-phishing and includes features to evade detection.
Spear-phishing is a common technique hackers use, and the Russians deployed it so that people would unknowingly reveal their passwords or grant some other kind of network access.
Email continues to be a primary attack vector for cybercriminals to launch a spear-phishing, localized or 'spray and pray' campaign.