Spear Phishing
Attack Pattern ID: 163 (Standard Attack Pattern Completeness: Stub) | Typical Severity: High | Status: Draft
Summary
An attacker targets a specific user or group with a phishing attack tailored to a category of users in order to have maximum relevance and deceptive capability. Spear Phishing is an enhanced version of the Phishing attack targeted to a specific user or group. The quality of the targeted email is usually enhanced by appearing to come from a known or trusted entity. If the email account of some trusted entity has been compromised, the message may be digitally signed. The message will contain information specific to the targeted users that will enhance the probability that they will follow the URL to the compromised site. For example, the message may indicate knowledge of the target's employment, residence, interests, or other information that suggests familiarity. Once the users follow the instructions in the message, the attack proceeds as the standard Phishing attack.
The attacker must have the identity of the individual being attacked and information sufficient to generate a compelling reason for clicking on the supplied URL. Access to a compromised email account of a trusted individual, or the ability to spoof the origin of the message, greatly enhances the probability that the target will be compromised. This is in addition to the resources needed for a regular Phishing attack.
Design: Provide for anti-Spam filtering, address blacklisting and virus scanning in the email delivery solution.
Implementation: Scan all email for Spam, viruses and blacklisted sites. Keep Spam and address blacklists current. Quarantine any suspicious email and attachments.
Implementation: Train users to be suspicious of email and not to open attachments or click on URLs contained in suspicious email.
Implementation: Log all email subjects, senders and attachments and, should a Phishing email be detected, inform all recipients who might have received the same email.
Implementation: Do not follow any links supplied in email or from untrusted web sites.
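
The logging mitigation above can be turned into a recipient lookup once one message is confirmed as phishing. The following is an added example, not part of the original entry; the `MailLogEntry` fields, the matching policy and the sample log are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class MailLogEntry:
    sender: str
    recipient: str
    subject: str
    attachment_hashes: frozenset = frozenset()  # SHA-256 hex digests

def normalize_subject(subject):
    """Lowercase, collapse whitespace, drop leading Re:/Fw:/Fwd: prefixes."""
    s = re.sub(r"\s+", " ", subject).strip().lower()
    while (m := re.match(r"(re|fwd?)\s*:\s*", s)):
        s = s[m.end():]
    return s

def recipients_to_notify(log, detected):
    """Map each recipient of a matching message to the reasons it matched.

    Assumed matching policy: a shared attachment hash is enough on its own;
    otherwise sender AND normalized subject must both match, because the
    sender may be a compromised trusted account that also sends legitimate mail.
    """
    subject = normalize_subject(detected.subject)
    sender = detected.sender.lower()
    hits = {}
    for entry in log:
        reasons = set()
        if entry.attachment_hashes & detected.attachment_hashes:
            reasons.add("attachment")
        if entry.sender.lower() == sender and normalize_subject(entry.subject) == subject:
            reasons.add("sender+subject")
        if reasons:
            hits.setdefault(entry.recipient.lower(), set()).update(reasons)
    return hits

# Constructed sample log (reserved example domains, placeholder digest).
BAD_HASH = "a" * 64
LOG = [
    MailLogEntry("hr@example.com", "alice@example.org", "Updated benefits enrollment", frozenset({BAD_HASH})),
    MailLogEntry("hr@example.com", "bob@example.org", "RE: Updated  Benefits enrollment"),
    MailLogEntry("payroll@example.net", "carol@example.org", "Form attached", frozenset({BAD_HASH})),
    MailLogEntry("hr@example.com", "dave@example.org", "Holiday schedule"),
    MailLogEntry("news@example.net", "erin@example.org", "Weekly digest"),
]

if __name__ == "__main__":
    for rcpt, why in sorted(recipients_to_notify(LOG, LOG[0]).items()):
        print(rcpt, sorted(why))
```

Messages that share only the sender with the detected email are deliberately left out, so routine mail from a compromised but otherwise legitimate account does not trigger notifications.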
Nature | Type | ID | Name | Description | View(s) this relationship pertains to |
---|---|---|---|---|---|
ChildOf | | 98 | Phishing | | Mechanism of Attack (primary) 1000 |