The number of reported spear phishing scams continues to rise, according to Advisen data, and these sophisticated cyber attacks have the ability to rob businesses of millions in funds and corporate secrets. Far from being a typical email scam, spear phishing involves targeted, often long-term plots to trick organizations into wiring money, clicking on links that will provide an entry point for malware into a system. 2014 produced the highest number of spear phishing reports in 10 years, and 2015 is already on track to meet or exceed it, according to Advisen data.
The goals of spear phishing tend to be either money, corporate intelligence, or proving one’s chops as a hacker, in some cases, according to experts speaking during a recent Advisen webinar. Therefore, any business could be a threat, but Advisen data show that most fall into the “services” category — these are likely businesses that interact in a variety of industries. Finance, insurance, and real estate encompass a quarter of all cases, due to the potentially profitable information available from those companies.
Spear phishing arises from legitimate-looking emails that fool employees of target organizations into giving up information or funds under false pretenses. For example, a 2013 case resulted in the theft of over $1 million from the Cascade Medical Center in Washington state. Spear phishing emails sent to Cascade employees allowed criminals, suspected to be part of a Russian hacking gang, to steal log-in credentials and slip into the accounting system. In one of the rarer instances, the medical center recouped over $400,000 due to banks’ cooperation after the fraudulent transfers. An estimated $478,886 disappeared in total.
Another 2013 saw a case at England’s St. Aldhelm’s Academy, where the school’s financial staff was tricked by emails that appeared to come from the school’s bank. After providing banking details, a quick $1.7 million slipped from St.Aldhelm’s grasp.
