Spear Phishing: Why email scamming is a growing concern

Imagine you're just chatting away at the office, minding your own business, until an urgent email from your CEO pops up, and they need you right now. Of course, seeing the name of your CEO spurs you into action: whatever they need, right?


Is it really your boss? Can you really be sure that he needs your phone number? Is he even out of the office right now?

What you really need to do is make sure that you're not falling for a spear phishing scam.

What is phishing?

Phishing is a scam where someone pretends to be a legitimate source (your boss, your bank, your mom) in order to get you to hand over your sensitive information. In the most elaborate scams, thousands of dollars have been lost because people trusted that the sender was who they said they were.

We’re sure that everyone remembers the Nigerian prince scam from the nineties, but scammers have evolved and so has phishing as a scheme.

Phishing can happen through text messages or even phone calls, but the most common channel is by far email, which accounts for 96% of all phishing attacks. These types of incidents aren’t exactly rare, either. The UK has reported 12 million registered scams as of May 2022.

But let’s have a closer look at spear phishing. This is also a type of phishing attack, but rather than sending one email to hundreds or thousands of users, spear phishing scammers target one person. A common way of doing this is CEO impersonation, as the opening example shows.

Find out here what the differences between phishing and spear phishing are, and what they look like in examples.

This type of cyberattack is common within businesses and professional settings. It is, after all, a more developed version of the classic phishing email.


Read more: anyone can fall victim to a phishing attack, but these 5 teams and companies should be extra careful, as they are fast becoming a favorite phishing target.


Why is spear phishing so effective?

Many of us have learned to identify a traditional phishing attempt. ‘Don’t click on any unknown links’ is basically the first thing you learn about cybersecurity. Well, that and don’t use the same password for every account that you own.

What makes spear phishing so successful is the credibility of the emails. You are more likely to do what the scammer says, because you think you are talking to someone you know. How easy is it to accidentally share your personal phone number with someone, if you think it’s your boss or colleague asking for it?

Spear phishing scams also play on a sense of urgency. They don’t want you to take the extra time to think about who is writing to you. According to the Internet Security Threat Report, the five most used keywords in subject lines for spear phishing emails are:

  1. Urgent 
  2. Request 
  3. Important 
  4. Payment 
  5. Attention 

Read here about the 8 warning signs that will help you spot a phishing email.

This is why these kinds of email scams are a growing concern: They are super easy to fall for. So be on high alert next time you see these types of messages landing in your inbox!


Consequences include data breaches and huge fines

We'll just get right to it: falling for a phishing scam can have devastating consequences. Once a phishing attack is successful, there is simply no turning back. Once your data is out, a number of things can happen – you might get blackmailed to pay for your data not to leak any further, or it might be sold on the dark web.

Either way, a breach will have occurred, which could lead to the GDPR breathing down your neck (as well as reputation damage, loss of business, and of course heavy fines).

It's better not to fall for a phishing scam in the first place, since it can lead to a data breach. By the time your customer data is out on the internet, it will be difficult to maintain a pristine reputation.

A very telling example of what could happen if a spear phishing attack is successful is the case of Ubiquiti Networks Inc. In 2015, 46.7 million dollars were transferred from their funds following employee impersonations and fraudulent requests. Ouch... that is a heavy loss for a company!


Read more: what are the most common phishing mistakes every organization makes, and how can you prevent them?


Alright, but I don't want any of that to happen

No one wants to accidentally respond to a phishing scheme. But much like other data breaches, these can happen to even the most vigilant of workers. We've all been tired at the end of a long day, longing for a cup of coffee or with the weekend just around the corner...

That's why an email security solution that detects phishing threats and warns you about a potential scam saves you a lot of trouble in the end! By making you aware of a potential discrepancy between the name of your boss and the email address used, it lets your tired eyes give the message an extra once-over and block the offending sender from ever contacting you again.

Day saved.
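The name-versus-address check described above, combined with the five subject keywords listed earlier, as an added example that is not part of the original article or any product's code. The staff directory, the name "Jane Doe" and the `example.com` / `example.net` addresses are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string, policy

# The five subject-line keywords listed in the article.
KEYWORDS = re.compile(r"\b(urgent|request|important|payment|attention)\b", re.I)

# Assumed staff directory: display name -> the only address that person uses.
DIRECTORY = {"jane doe": "jane.doe@example.com"}


def _norm(name):
    """Lower-case and collapse whitespace so 'Jane  DOE' matches 'jane doe'."""
    return " ".join(name.lower().split())


def check_message(raw, directory=DIRECTORY):
    """Return (name_mismatch, subject_keywords) for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"]
    mismatch = False
    if sender is not None and sender.addresses:
        addr = sender.addresses[0]
        # policy.default decodes RFC 2047 encoded display names for us.
        expected = directory.get(_norm(addr.display_name))
        # Flag only when a known name arrives from an address that is not theirs.
        mismatch = expected is not None and addr.addr_spec.lower() != expected
    subject = msg["Subject"] or ""
    keywords = sorted({k.lower() for k in KEYWORDS.findall(subject)})
    return mismatch, keywords


# Constructed sample messages (not real mail).
LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: Payment schedule\n\nHi"
SPOOF = 'From: "Jane Doe" <ceo.office@mail.example.net>\nSubject: URGENT request\n\nHi'
ENCODED = "From: =?utf-8?q?Jane_Doe?= <ceo.office@mail.example.net>\nSubject: Hello\n\nHi"

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("spoof", SPOOF), ("encoded", ENCODED)]:
        print(label, check_message(raw))
```

The keywords alone also appear in ordinary business mail, so they are returned as context next to the mismatch flag rather than treated as a verdict on their own.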
