{"id":5581,"date":"2020-12-23T22:15:43","date_gmt":"2020-12-23T22:15:43","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5581"},"modified":"2021-10-01T09:55:03","modified_gmt":"2021-10-01T08:55:03","slug":"how-to-protect-your-company-from-spear-phishing","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/how-to-protect-your-company-from-spear-phishing","title":{"rendered":"How to Protect Your Company from Spear Phishing in 2021"},"content":{"rendered":"

Managed services providers (MSPs) are tasked with defending businesses from the many potential cybersecurity attacks that could be leveraged against them, from\u00a0ransomware\u00a0to distributed\u00a0denial of service (DDoS) attacks<\/a>. But of the various types of attacks that bad actors employ today, phishing is arguably the most dangerous. According to\u00a0recent statistics<\/a>\u00a0from VPN Insights, phishing emails open the door for 91% of all cybercrimes. The average user receives 16 phishing emails a month, and 42% of spear phishing targets are successfully tricked into opening malicious email attachments.<\/p>\n

So what exactly is spear phishing? How can MSPs recognize spear phishing attacks before it\u2019s too late? With such alarming numbers, it\u2019s clear that security experts have a duty to better educate their customers about spear phishing to protect them from falling victim. Here are some commonly asked questions about spear phishing you can discuss with your customers to raise awareness in 2020.<\/p>\n

What is spear phishing?<\/b><\/h3>\n

The term \u201cspear phishing<\/a>\u201d refers to any email or electronic communications scam designed to get a particular user, organization, or business to reveal sensitive information. In most cases, the bad actor disguises their attack as a legitimate message from a trusted website or person. Once the spear phishing target clicks on a malicious link or complies with the attacker\u2019s request to send confidential data online, their information can be lifted and used for various purposes.<\/p>\n

Sometimes the primary objective of a spear phishing attack is not to steal information, but to create an opportunity for other kinds of cybersecurity attacks to flourish. For instance, the link a target clicks on could install malware on their network or serve as the first phase of a DDoS attack<\/a>. Either way, spear phishing attacks are becoming increasingly sophisticated and hard to detect, making them more dangerous than ever.<\/p>\n

Is spear phishing more widespread than phishing?<\/b><\/h3>\n

Relevant research hasn\u2019t shown that spear phishing is any more common than standard phishing, but there are important differences between the two types of attacks. Phishing attacks, much like their namesake, are generalized attacks that cast a wide net and hope someone will bite. Spear-phishing attacks, on the other hand, are personalized attacks that target particular individuals, organizations, or businesses. These attacks are disguised to look like they originate from someone trusted by the target and are becoming more prevalent due to their success in getting the target to lower their guard.<\/p>\n

This does not mean, however, that spear phishing attacks are more widespread in the numerical sense. If anything, people simply perceive spear phishing to be more widespread because they are successful a higher percentage of the time.<\/p>\n

Is spear phishing a social engineering attack?<\/b><\/h3>\n

Yes, spear phishing is a type of social engineering attack.\u00a0Social engineering attacks<\/a>\u00a0manipulate people into compliance by preying on human nature. Social engineering attacks typically rely on two factors\u2014trust and inattentiveness.<\/p>\n

Cybercriminals know people are more likely to respond to messages from people or organizations they know and trust, even if they seem a little off upon further inspection. For example, if you\u2019ve recently ordered a sweater online and you see an email that appears to be from that company, most people are naturally inclined to trust it. What\u2019s more, your average busy employee doesn\u2019t scrutinize their emails for phishing attempts at all times. MSPs and their employees have to constantly be vigilant, but a bad actor only has to get lucky once.<\/p>\n

Unfortunately, preying on human nature pays off for a lot of cybercriminals. A\u00a0CyberEdge report<\/a>\u00a0found that social engineering attacks were successful 79% of the time.<\/p>\n

How can I identify spear phishing?<\/b><\/h3>\n

Cyberattackers grow smarter with each coming year, which means MSPs need to be just as smart\u2014if not smarter\u2014in 2020. The best way to identify and stop spear phishing attacks is to go on the offensive. Study up on spear phishing and the possible scenarios you or your customers might encounter. Educate yourself, your employees, and your customers on the types of social engineering techniques that bad actors use. Be sure every end user knows how to differentiate a legitimate email request from a fraudulent one.<\/p>\n

If you can memorize the verbal and visual hallmarks of spear phishing communications, you increase your chances of detecting an attack before it affects your company or your customers. Not all phishing emails are the same, but alarm bells should sound if you see an email that:<\/p>\n