Financially Focused Spear Phishing
Spear phishing is a form of phishing aimed at specific people: threat actors target organizations and companies in an attempt to retrieve sensitive information. Social engineering is their main tool for getting a user to hand over, or grant access to, that information. Since September 2019, the Cal-CSIC (California Security Integration Center) has collected several cases of spear phishing used to conduct fraudulent financial activities. For more information on other phishing tactics visit Anti-Phishing.
Threat actors use various tactics and techniques for financial gain: ransomware, ATM fraud, card skimming, and other financially motivated attacks.
Tactics used by Threat Actors
- Actors open "fake" email accounts using Google, ProtonMail, Yandex, iCloud, etc.
- The actors then send an email, built from fabricated or captured information, requesting an urgent change to payroll or allotment information.
- The emails sent by these actors often contain several grammatical errors, which indicate that they are not legitimate.
Examples are shown below:
- Copies of blank checks show incorrect typesetting, e.g. a different font, bolded text, misplaced name, and a malformed check number.
- Direct deposit or change request forms lack information such as the social security number or the financial institution's address.
Spear Phishing Vs. Phishing
Spear phishing can be confused with phishing; however, the main difference between the two is the target. Phishing targets masses of people in the hope that someone will share their information, while spear phishing targets specific people and organizations. The threat actor tailors the emails to the interests of the person they are trying to phish. Because spear phishing is aimed at a particular person, the emails can be difficult to identify.
How To Minimize Risk for Spear Phishing
- Ensure the sender's name and email are correct (hover the mouse over an email address to view the actual sender's address).
- Review email for grammatical errors.
- Review financial institution information for completeness and correctness.
- Review personally identifiable information such as the SSN, and compare the signature against current records.
- If the email appears to come from someone you know, check with them to validate it (by phone call or in person).
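Several of the checks in this list can be automated at the mail gateway or by the payroll help desk. The script below is an added example and is not part of the Cal-CSIC advisory. It parses a message's From and Reply-To headers and flags the red flags described above: a display name that matches a known employee while the actual sending address sits on one of the free webmail providers named earlier, a Reply-To that differs from the sender, and urgent payroll or allotment change language. The employee directory, the internal domain agency.example and the two sample messages are constructed for the example.

```python
"""Triage check for payroll / direct-deposit change requests.

Added example, not from the Cal-CSIC advisory. Scores a raw RFC 5322
message against the red flags the advisory lists. Directory, domain
and sample messages below are constructed.
"""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Webmail providers the advisory names as sources of "fake" accounts.
FREEMAIL_DOMAINS = {
    "gmail.com", "protonmail.com", "proton.me", "yandex.com", "icloud.com",
}

# Wording typical of payroll / allotment change fraud.
REQUEST_KEYWORDS = ("direct deposit", "payroll", "allotment",
                    "bank account", "routing number")
URGENCY_KEYWORDS = ("urgent", "immediately", "asap", "today")

# Constructed internal directory: lower-cased display name -> real address.
EMPLOYEE_DIRECTORY = {
    "jane doe": "jane.doe@agency.example",
    "john smith": "john.smith@agency.example",
}


def _text_body(msg: Message) -> str:
    """Collect the text/plain content of a single- or multipart message."""
    if not msg.is_multipart():
        return msg.get_payload()
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode("utf-8", "replace"))
    return "\n".join(parts)


def analyze_message(raw: str) -> dict:
    """Return the sender address, the red flags found, and a score."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    domain = address.rpartition("@")[2]
    flags = []

    # Flag 1: display name is a known employee but the real address is not
    # theirs (this is what hovering over the sender reveals to a reader).
    expected = EMPLOYEE_DIRECTORY.get(display_name.strip().lower())
    if expected and address != expected:
        flags.append("display name impersonates employee")

    # Flag 2: the actual sending address is on a free webmail domain.
    if domain in FREEMAIL_DOMAINS:
        flags.append("sender on free webmail domain")

    # Flag 3: replies are redirected to an address other than the sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != address:
        flags.append("reply-to differs from sender")

    # Flag 4/5: payroll or allotment change request, with urgency pressure.
    text = (msg.get("Subject", "") + "\n" + _text_body(msg)).lower()
    if any(k in text for k in REQUEST_KEYWORDS):
        flags.append("payroll/allotment change request")
        if any(k in text for k in URGENCY_KEYWORDS):
            flags.append("urgency pressure")

    return {"from": address, "flags": flags, "score": len(flags)}


def verdict(raw: str) -> str:
    """Route the message: two or more flags means escalate, never act on it."""
    score = analyze_message(raw)["score"]
    return "escalate to Information Security Officer" if score >= 2 else "normal handling"


# Constructed sample: impersonation from a webmail account with an urgent request.
SUSPICIOUS = """From: Jane Doe <jane.doe.payroll@gmail.com>
To: payroll@agency.example
Subject: Urgent - direct deposit change

Hi, I need to change my direct deposit to a new bank account before
payroll runs today. Please see the attached check.
"""

# Constructed sample: a benign internal message from the real address.
BENIGN = """From: Jane Doe <jane.doe@agency.example>
To: payroll@agency.example
Subject: Lunch schedule

Are we still on for Thursday?
"""

if __name__ == "__main__":
    for raw in (SUSPICIOUS, BENIGN):
        result = analyze_message(raw)
        print(result["from"], result["flags"], verdict(raw))
```

The score is deliberately coarse: any two flags together are enough to route the request to the Information Security Officer rather than to payroll, which matches the advisory's guidance to validate out of band and not respond to the sender.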
Actions You Can Take
- Do NOT respond to a questionable sender.
- Immediately report suspicious requests to your Information Security Officer.
- Report the incident to firstname.lastname@example.org (forward the original email as an attachment).