Recently, there has been a rapid and dramatic shift from broad spam attacks to targeted email-based phishing campaigns that are causing significant financial, brand and operational damage to organizations around the world. Some of the most notorious cyber-crimes in recent history, such as the attacks on major banks, media companies and even security firms, started with just one person clicking on a spear-phishing email. Spear phishing is a type of cyber-attack used by a range of adversaries to steal information or cause disruption to an organization's business. It is increasingly used as the preliminary stage of an Advanced Persistent Threat (APT) attack, to penetrate systems and create a point of entry into an organization. Employees and other individuals are targeted with email containing information personal to them. Spear phishing is on the rise because it works. Traditional security defenses simply do not detect and stop it. From a cyber-criminal's point of view, spear phishing is the perfect vehicle for a broad array of damaging exploits. It is also easy to carry out: an attacker searches for the name of a CEO and for email addresses on a corporate website, then sends what appears to be a message from the boss to email accounts on the corporate domain. Every organization is at risk of cyber breach. This paper identifies the attacking strategies of spear phishing and the steps organizations or business owners can take to manage or prevent the risks.
cyber-attack, E-business, Spear-phishing