Spear-phishing, a targeted phishing scam


Today, cyber security is more important than ever. Every day, new attacks are reported on digital messaging systems, so cybersecurity has become a priority for many companies.


The most widespread targeted hacking technique, it is used by cybercriminals who mainly target businesses. A powerful variant of phishing, it’s a malicious technique that uses e-mail, social media, instant messaging and other platforms to trick users into divulging personal information or performing actions that compromise the network and generate data loss.

The e-mails used in a spear-phishing campaign appear to come from a reliable source. The sender is usually a large company or a well-known Internet platform with a large number of members, such as Paypal or eBay. Spear-phishing is perhaps the most perfidious way of gaining access to foreign computers.

The cybercriminal knows not only the victim’s personal e-mail address, but also details of their private and professional environment. It hijacks the identity of a friend or colleague, making the e-mail seem completely harmless. It seems almost impossible to detect the attack. This is the most successful form of confidential information acquisition on the Internet, accounting for 91% of all attacks.


Spear-phishing versus phishing

Spear-phishing can easily be confused with phishing, as it involves online attacks against users to obtain confidential information.

Phishing attacks are generally not personalized, and are sent to large numbers of people at the same time. The aim of phishing attacks is to send a spoofed email that appears to come from a genuine organization to a large number of people, in the hope that someone will click on the link and provide personal information or download malware.

Spear-phishing attacks target a specific victim, and messages are modified to specifically address this victim, allegedly coming from an entity with which they are familiar and containing personal information. The spear-phishing technique requires more thought and time on the part of cybercriminals than phishing.

How to protect yourself?

As e-mail is the most common point of entry for these targeted attacks, it’s important to protect this area against likely spear-phishing attacks. Here are some tips on how to avoid these attacks.

1. Raising awareness

Employees need to be trained to spot spelling mistakes, strange vocabulary and other indicators of suspicious e-mails that could prevent a spear-phishing attack from succeeding. User awareness is the cornerstone of your information system’s security.

2. Update your software frequently

If your software supplier informs you that there’s a new update, do it right away. Most software systems include security software updates that should help protect you from common attacks. Operating systems, software drivers and third-party applications must also be updated regularly.

3. Use strong passwords

Don’t use a single password or password variants for every account you have. Reusing passwords or password variations means that if an attacker has access to one of your passwords, he will have access to all your accounts.

4. Protecting your e-mail

It is also essential to use an effective protection solution against spear-phishing. Altospam offers companies an email security solution that protects all mailboxes from phishing scams.
Test Altospam’s anti-phishing and anti-spear-phishing solution free of charge.
Altospam’s anti-phishing and anti-spear-phishing solution will protect your entire company from all kinds of email attacks. Installation takes less than 5 minutes, with just a simple DNS change required.


Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …