While the concept of phishing emails has been around for decades, the practice has evolved from a basic to a complex and time consuming investigative approach. Today, cybercriminals will seek to find every waking detail of one’s personal and work life to then mimic them through email and convince a colleague to hand over valuable and confidential information. You may remember the medieval times of phishing emails sent from “Nigerian princes” who want to give their millions of dollars to a “good Samaritan.” Well, times have changed. Today’s spear phishing tactics can fool even the most experienced IT employees. Here are 10 common characteristics of a spear phishing attack that cybercriminals rely on to convince their victim to hand over such valuable information:
- The attack is handcrafted by professional criminals
- The attack is sent by someone you know
- The attack includes a project you are working on
- Your attacker has been monitoring your company’s email
- Your attacker can intercept and change emails as needed
- Your attacker uses custom or built-in tools to subvert antivirus software
- Your attacker uses military-grade encryption to tunnel your data home
- Your attacker covers their tracks
- Your attacker has been in your environment for years
- Your attacker is not afraid of getting caught