Spear-Phishing Examples Can Teach Us How To Stay Safe Online

A survey conducted by Proofpoint/Censuswide among organizations across the US, UK, Australia, France, and Germany revealed that around 75% of them had become spear-phishing victims at least once in the year 2018. Further, the study showed that anyone that had been a victim once could be affected again by such attacks.

Even someone who takes the necessary precautions can still be vulnerable, because a spear-phishing attack has no single form. It arrives in varied guises, so it is necessary to have a basic understanding of its various manifestations. Here, let’s look at its different forms and at some of the spear-phishing scams that shook the world.


Spear-Phishing Examples Of Various Kinds

The following are some of the predominant varieties of spear-phishing attacks around us:

CEO Fraud Model

In this widespread form of spear-phishing, an employee in an organization receives a fake email pretending to be from his/her CEO or a similar top official. The false CEO/official orders the employee to transfer a considerable amount of funds to a particular account, details of which are given in the email. The employee, keen to obey the superior’s orders, transfers the requested funds without delay.

Trusted Party Lures

In this form, a hacker studies you using all the personal information you present online, especially on social media. The process is called ‘social engineering’. They then establish communication with you under a fake identity, disguised as one of your close friends or associates. Gradually, they get you to divulge your sensitive information to them.

Fake Invoice Phishing

The hackers send fake invoices for large sums to big corporations from a false email address, pretending to be their vendors. The organization mistakes them for the original vendor and transfers the money requested. As in any spear-phishing case, serious research about the victim is done here as well.
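A defensive check for the CEO-fraud and fake-invoice patterns described above, as an added example that is not part of the original article: it lists the reasons a message should be verified out of band before any payment is made. The organization domain, executive names, vendor domains and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed, constructed values: replace with the organization's own data.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}                   # display names of senior officials
KNOWN_VENDOR_DOMAINS = {"vendor.example"}   # vendor domains already on file
PAYMENT_WORDS = ("wire", "transfer", "invoice", "payment", "bank account")

def domain_of(header_value):
    """Return the lower-cased domain of an address header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def review_flags(raw_message):
    """Return the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    flags = []
    # CEO fraud: an executive's name on an address outside the organization.
    if display_name in EXECUTIVES and from_domain != ORG_DOMAIN:
        flags.append("executive name from external domain")
    # Replies silently redirected to a different domain.
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to domain differs from sender")
    # Fake invoice: a payment request from a domain not on file.
    asks_payment = any(word in text for word in PAYMENT_WORDS)
    if asks_payment and from_domain not in KNOWN_VENDOR_DOMAINS | {ORG_DOMAIN}:
        flags.append("payment request from unknown domain")
    return flags

# Constructed sample messages (not real traffic).
CEO_FRAUD = """From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: jd@other.test
Subject: Urgent wire transfer

Please transfer the funds to the account below today.
"""
FAKE_INVOICE = """From: "Accounts" <billing@vendor-example.test>
Subject: Invoice attached

Payment is due to our new bank account.
"""

if __name__ == "__main__":
    for sample in (CEO_FRAUD, FAKE_INVOICE):
        print(review_flags(sample))
```

A flagged message is a prompt to confirm the request through a known phone number or an existing vendor contact, not proof of fraud.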


Whaling

Whaling is not much different from the primary form of spear-phishing, except that it targets high-profile individuals and celebrities. The hacker studies the individual’s history and personal interests and communicates while pretending to be a close friend. This gradually leads the victim to divulge sensitive information to the phisher.

APT (Advanced Persistent Threat)

The Advanced Persistent Threat method initially started as a reconnaissance tool used by governments, the military, etc. In an APT, the hacker uses spear-phishing to gain trust through a weak link in a large organization’s network, usually an unsuspecting employee. This helps them plant malicious code in the system. The code remains there and keeps lifting confidential data over an extended period of time until its presence is found out. This form of spear-phishing was not meant to steal money but to obtain valuable information.

Spear-Phishing Lessons From History

Even large corporations have been victimized by spear-phishing, resulting in losses of tens of millions of dollars. This emphasizes how important it is for lesser mortals to be extra vigilant when it comes to spear-phishing. Some of the most significant recent spear-phishing attacks are listed below.

FACC Aerospace scam

The Austrian aerospace spare parts manufacturer FACC lost $61 million when an employee received a ‘CEO Fraud’ model fake email. He transferred the funds to a phony project, thinking he was obeying the command of his superior.

Facebook/Google Invoice Scam

This scam is an example of ‘fake invoice’ phishing. A Lithuanian hacker sent fake invoices to the two digital giants, pretending to be one of their vendors. Together, the two corporations lost $100 million as a result.

Crelan Bank Fraud

Crelan Bank in Belgium lost $76 million in yet another case of ‘CEO fraud.’ The fraud was found out only much later, when the bank carried out an audit. The hackers are unknown to this day.

Ubiquiti Network

Ubiquiti, a large computer networking organization, lost around $47 million in a ‘CEO fraud’ incident. The institution learned only later that it had been cheated.


Upsher-Smith

Upsher-Smith, a drug manufacturer, was also a victim of several fraudulent emails pretending to be from the CEO, based on which funds were transferred several times, amounting to $50 million. The amount was initially more; however, one of the transfers could be recalled.

The spear-phishing examples above make it very clear how common spear-phishing is, and that neither large corporations nor ordinary individuals can easily slip out of its clutches. Spear-phishing comes in various forms, and every individual is equally vulnerable. One needs to be adequately educated about each kind of spear-phishing and also trained in spear-phishing protection and how to prevent phishing attacks.

