Spear phishing is an advanced type of phishing attack in which criminal hackers specialize their approach to deceive a particular individual or group of individuals. Spear phishing assaults mainly arrive as emails appearing to be from people that the individual is familiar with; supervisors, vendor contacts and even family members. Criminals can actually spoof real ‘sender’ email addresses and construct believable attacks using tons of their victim’s personal and professional information that’s openly available online.
Earlier this year, a key member of WatchGuard’s finance team was targeted by a hacker posing as their manager in an urgent email request for a wire transfer. Thanks to proper training, this employee recognized the sender’s disregard for the official finance protocols of the company and alerted the proper personnel immediately.
In order to investigate the fraudster and learn more about their scheme, WatchGuard Information Security Threat Analyst, Marc Laliberte, responded to the wire transfer request under the original target’s name.
To learn more about Marc’s investigation and what you need to know about spear phishing, check out “How this analyst targeted a phisher” on CSO Online. You can also find the story on CIO and ITWorld.