The Art of Spear Phishing
In recent history, some infamous cybercrimes, such as attacks on major banks, media companies and even security firms, started with just one employee clicking on a spear-phishing email. A spear-phishing email appears to come from an individual or business that you know, but it does not. The strategy is on the rise because it is becoming more sophisticated day by day, which makes money for the hackers.
Traditional antivirus software and spam filters do not detect these mails, because spear-phishing mails are growing more sophisticated day by day and have gained the ability to get past security checks. From a hacker's point of view, spear phishing is one of the perfect mediums for exploiting user data. Most of the time, threat actors target top-level executives and trick them into activating malware that gives access to their companies' environments.
Spear-phishing threats can take many forms: one is ransomware that encrypts company data and then demands a ransom from the victim to remediate the situation. Other threat vectors include banking and point-of-sale reconnaissance Trojans that target the retail and hospitality industries. Normally, the targeted officials hold a high position in the industry, such as Chief Financial Officer (CFO), Head of Finance, Senior Vice President or Director.
Top 5 Spear-Phishing Attacks Targeting Executives
5) Better Business Bureau Scam
In this scam, executives received an official-looking email disguised as coming from the BBB (Better Business Bureau). The email carried a complaint that a customer had supposedly filed, or claimed that the company had been accused of engaging in identity theft. To make the message look genuine, a complaint ID number was added, and the recipient was asked to click on the given link to contest the claim or to learn more about the accusations. Once the employee clicked the link, malware was downloaded onto the system.
Once the malware is downloaded onto the system, the hackers can access anything and everything stored on the PC. In simple words, the victim's internet life becomes an open book to the hackers. This includes who the victims sent webmail to and received it from, what websites they browsed, their online shopping history, credit card details, social security numbers and the home address entered in shipping forms, to name a few. All of the victims' internet activity was being secretly stored in a criminal's database.
4) The Smartphone “Security App” Scam
The Smartphone “Security Scam” is a 2-step attack. With minimal research, hackers find the names and email addresses of top executives and trick them into clicking on a malicious link. Sometimes, spear-phishing emails have enough details to fool even experienced security professionals. When the user clicks on the provided link, it infects their PC with a keylogger.
This way the hacker obtains confidential data as well as bank account details and passwords. If the bank uses two-factor authentication, hackers spoof an email claiming to be from the said bank and ask the user to install a smartphone security app, which is malware that gives them access to the user's smartphone. With this strategy, the cybercriminals get full access to the user's bank account login credentials and, at the same time, can control any two-factor authentication text messages sent by the bank while making a transaction.
Xoom is an international money transfer business, which was acquired by PayPal, so employees who work there ought to have a good knowledge of the dangers of wiring money to unknown accounts. After all, the most basic internet search delivers scores of pages about alleged frauds perpetrated via Xoom. This company was stung in an email spear-phishing scam that cost them $30.8m. The incident involved employee impersonation and fraudulent requests that targeted the company's finance department. It was not clear whether the spear-phished executives used Xoom's network or a conventional banking system to transfer the money; either way, no news gave a clear picture of the incident.
One would not expect a top Australian company to become a victim of a spear-phishing attack. The CEO of the company was targeted, which eventually cost him his job, followed by a 14-hour board meeting. This scam sent a message to all top executives across the world. According to the report, this cyber fraud made the company lose €51m, but fortunately, the company was able to stop €10.9m from being transferred to the hackers' account. The hoax emails, purporting to come from the Stephan, asked the CEO to transfer money for a fake acquisition project known as the trade of ‘fake president incident’. Naturally, this project demanded utmost secrecy, which made the CEO believe it was genuine and accept the mail. This fraud pushed the company towards an operating loss of €23.4m in its 2015-16 financial results.
1) Crelan Bank
The Crelan bank of Belgium takes the crown as the world’s biggest victim of spear-phishing fraud. The bank was hit in January 2016, shortly after the FACC attacks. In the spear-phishing email, the fraudster posed as the CEO of a big company and asked a bank official to wire a certain amount. According to the worker, the mail said the payment had to be made in secrecy because the company allegedly faced a sudden tax audit. This scam cost the Crelan bank €70m (£59.1m).
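The fake-president cases above share three traits: an executive's name, a request to move money, and a demand for secrecy. The sketch below is an added example, not code from the original article, showing how a mail gateway or finance team could flag that combination for out-of-band verification; the domain, executive roster, keyword lists and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values, not from the article: organisation domain, executive roster,
# and keyword lists are hypothetical placeholders to tune per organisation.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PAYMENT = re.compile(r"\b(wire|transfer|payment|remit)\b", re.I)
SECRECY = re.compile(r"\b(confidential|secret|secrecy|tax audit|acquisition)\b", re.I)

# Constructed sample messages (not real mail).
FRAUD = """\
From: "Jane Doe" <jane.doe@examp1e-corp.test>
Reply-To: j.doe@mailbox.test
To: finance@example.com
Subject: Urgent acquisition payment

Please wire the funds today. Keep this strictly confidential.
"""
LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: finance@example.com
Subject: Q3 budget review

Agenda attached for Thursday's meeting.
"""

def _domain(header_value):
    # Domain part of the address in a From/Reply-To header ("" if absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def ceo_fraud_indicators(raw):
    """Return the list of fake-president indicators found in one raw message."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_domain = _domain(msg.get("From"))
    body = "" if msg.is_multipart() else msg.get_payload()  # plain-text mail only
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = []
    if name in EXECUTIVES and from_domain != ORG_DOMAIN:
        hits.append("executive-name-external-domain")
    if _domain(msg.get("Reply-To")) not in ("", from_domain):
        hits.append("reply-to-mismatch")
    if PAYMENT.search(text):
        hits.append("payment-request")
    if SECRECY.search(text):
        hits.append("secrecy-pressure")
    return hits

def should_hold(raw):
    """Hold for out-of-band verification: identity anomaly plus a payment request."""
    hits = set(ceo_fraud_indicators(raw))
    return "payment-request" in hits and bool(
        hits & {"executive-name-external-domain", "reply-to-mismatch"})
```

A held message should be confirmed with the named executive over a separately known phone number before any transfer is made.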