A look at how hackers create spear phishing emails

Spear phishing emails are highly effective and have been the cause of many successful hacking attempts. Unlike a regular phishing email that could be sent to thousands or millions of recipients, a spear phishing email is created to target just one victim. And if that victim falls for the bait, there is a good chance that they will turn over valuable information including network user accounts and passwords or confidential information such as bank account login credentials.

In an interview over at Business Insider, Ray Boisvert a professional ethical hacker for hire tells how he creates spear phishing emails.

He would scour LinkedIn looking for the least cybersavvy (company) employees, such as those who work in nontechnical areas and new hires unlikely to recognize an atypical email.

The infiltrator will then try to guess the employee’s email address by learning the format of a typical address for that company (e.g., [email protected]) and sending out messages repeatedly until they stop bouncing back.

After attaining the victim’s email address, the hacker looks to social media to learn as much as possible about his target’s professional background, friends, and general interests.

In this way, he can customize the phishing email as much as possible — even posing as one of the victim’s closest friends (profile picture included) — to make it look familiar and increase the odds that the target will trust it.

Clearly social media is a treasure trove of valuable information that can be used to help create spear phishing emails. Make sure your employees, customers, family and friends understand how these email are created and targeted at individuals. Steps to help prevent phishing scams include:

  • Minimize the amount of information shared on LinkedIn, Facebook, Twitter and other social media sites
  • Raise awareness of what phishing emails are and how to spot them
  • Instill some fear or concern into employees, family and friends so they will at least question the validity of emails

More on blogs

The Rise of AI in Cybersecurity: Opportunities for MSPs

Learn how MSPs can harness AI Awareness and Security Awareness Training to protect and empower their clients against sophisticated cyber threats. Discover the unique opportunities

MSPs Are Succeeding in Staying Ahead of Client Expectations by Leveraging AI Awareness Training

Businesses are rapidly adopting AI, but many lack the training to use it effectively and securely. Learn why MSPs should offer AI Awareness Training to
Take the First Step

Experience Training That Makes a Difference

during the demo you’ll:

Take the First Step

Experience Training That Makes a Difference

During the demo you’ll: