ProSec GmbH


Spear-Phishing


Targeted phishing

What is spear phishing?

Unlike classic phishing, which is designed to reach the largest possible group of victims, spear phishing is an attack on a specific organization or person. With spear phishing, the attacker no longer disguises himself in his e-mails as a large organization (such as Amazon, banks, etc.), but becomes more specific and pretends to be an employee, manager, friend or business partner.

Three success factors

Earning the victim’s trust is an essential factor for a successful spear phishing attack. To achieve this, the attacker needs to obtain as much information as possible, for example through social engineering and from public sources such as Facebook and Instagram.

Imitate a trustworthy person

Unlike normal phishing, a specific person or group, for example a department within an organization, is attacked. The hacker imitates a well-known, mostly high-ranking person within the group. Out of respect and perhaps also fear of losing their job, many victims are believed to fall for the phishing attempt.


Confirm identity

The attacker also has to provide information that confirms his supposed identity. If he can convincingly pass himself off as a superior, he has a good chance of luring victims into the phishing trap.

Logical reason for requests in the email

The victim must also be given a logical reason for the requests in the message. An illogical reason will appear suspicious and increase the chance that the victim questions the message.

Whaling


Board members and employees in managerial positions are particularly popular victims of spear phishing, because these so-called “whales”, the “big animals” within an organization, often have special authorizations and access. However, making such an attack successful requires a sophisticated scenario and extensive information about the company and the victim.


2020 Twitter Hack


An incident in summer 2020 showed us the effects a targeted attack can have on employees, when the well-known social media platform Twitter was the target of a spear phishing attack.

The attackers targeted the accounts of well-known personalities such as Elon Musk, Bill Gates and Barack Obama.

Employees were specifically contacted by phone in order to obtain identities, which were then used against other employees with rights to user administration. With the help of the captured identities and access to the internal network, access to 130 accounts was then obtained, and tweets were published from 45 of them. In addition, more than 30 direct messages were read and data was downloaded from at least seven accounts.

This incident shows how dangerous a spear phishing attack can be. Especially in larger companies with classic, steep hierarchical structures, it is often the case that not all employees know each other, which significantly increases the chance of success of such an attack. However, it should be noted that smaller companies are not spared from phishing attacks either, because in the end a company is only as secure as its last employee makes it.

In order to ensure this security, it is advisable to sensitize employees. This can be achieved, for example, through training courses and user awareness campaigns.

Last updated on May 26, 2021
