{"id":19273,"date":"2021-12-24T02:09:03","date_gmt":"2021-12-23T22:09:03","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/common-spear-phishing-tricks\/19273\/"},"modified":"2021-12-24T02:09:30","modified_gmt":"2021-12-23T22:09:30","slug":"common-spear-phishing-tricks","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/common-spear-phishing-tricks\/19273\/","title":{"rendered":"Common spear-phishing tricks"},"content":{"rendered":"<p>Virtually every employee of a large company comes across the occasional e-mail aiming to steal their corporate credentials. It\u2019s usually in the form of mass phishing, an attack in which e-mails are sent out at random in the hope that at least some recipients will take the bait. However, the stream of phishing e-mails may contain one or two more dangerous, targeted messages, the content of which has been customized for employees of specific companies. This is spear-phishing.<\/p>\n<p>Spear-phishing messages represent a clear sign that cybercriminals are interested in your company, specifically, and it may not be the only attack in play. That is a major reason infosec officers need to know if any employee has received a spear-phishing e-mail \u2014 they need to prepare countermeasures and alert personnel in good time.<\/p>\n<p>That\u2019s why we advise IT to check filtered e-mails periodically in search of spear-phishing, and to teach other employees how to spot signs of targeted phishing. What follows are a few of the most common tricks, with examples from some fresh spear-phishing campaigns.<\/p>\n<h2>Misspelled company name<\/h2>\n<p>The human brain does not always perceive the whole of a written word \u2014 it sees a familiar beginning and completes the rest by itself. 
Attackers can take advantage of this trait by registering a domain that differs from your company\u2019s by just one or two letters.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/12\/24020915\/spearphishing-tricks-stadt.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/12\/24020915\/spearphishing-tricks-stadt.png\" alt=\"A company name is missing a letter\" width=\"540\" height=\"192\" class=\"aligncenter size-full wp-image-19274\"><\/a><\/p>\n<p>The cybercriminals who own the domain can even set up a <a href=\"https:\/\/www.kaspersky.com\/blog\/36c3-fake-emails\/32362\/\" target=\"_blank\" rel=\"noopener nofollow\">DKIM signature<\/a> so that the e-mail passes all checks \u2014 it\u2019s their domain, after all.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/12\/24020921\/spearphishing-tricks-stadt-dkim.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/12\/24020921\/spearphishing-tricks-stadt-dkim.jpg\" alt=\"A valid DKIM signature in a spear phishing e-mail\" width=\"884\" height=\"276\" class=\"aligncenter size-full wp-image-19276\"><\/a><\/p>\n<h2>Extra words in the company name<\/h2>\n<p>Another way to fool recipients into thinking a colleague is at the other end is to register a two-word domain, for example, to appear as a sender from a local branch or a particular department. 
In the latter case, cybercriminals tend to impersonate tech support or security personnel.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/12\/24020928\/spearphishing-tricks-security.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/12\/24020928\/spearphishing-tricks-security.jpg\" alt='A word \"Security\" is added to company name' width=\"584\" height=\"192\" class=\"aligncenter size-full wp-image-19278\"><\/a><\/p>\n<p>In reality, employees from every department should have a standard corporate e-mail address. No one ever sets up a separate domain for security personnel. As for local offices, if you\u2019re not sure, check the domain in the corporate address book.<\/p>\n<h2>Specific content<\/h2>\n<p>A phishing e-mail mentioning your company (or worse, the recipient) by name is a sure sign of spear-phishing and a reason to sound the alarm.<\/p>\n<h2>Highly specialized topic<\/h2>\n<p>Strictly speaking, seeing those names doesn\u2019t always mean a message is spear-phishing \u2014 it might be a variation on a mass-phishing scam. For example, phishers may use a database of conference participants\u2019 addresses and play on the topic of the conference \u2014 that\u2019s mass phishing. 
If they try to attack employees of a particular company in the exact same way, however, that\u2019s spear-phishing, and thus security needs to know about it.<\/p>\n<p>Finally, to be able to search for potential spear-phishing signs without diminishing the company\u2019s actual security, we recommend installing protective antiphishing solutions on <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/mail-server?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksms___\" target=\"_blank\" rel=\"noopener nofollow\">mail servers<\/a> as well as on <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">employee workstations<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To be ready for attacks targeting your company, information security officers need to know about received spear-phishing e-mails. 
<\/p>\n","protected":false},"author":2598,"featured_media":19280,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917],"tags":[1815,76,2539],"class_list":{"0":"post-19273","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-e-mail","10":"tag-phishing","11":"tag-spearphishing"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/common-spear-phishing-tricks\/19273\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/common-spear-phishing-tricks\/23774\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/common-spear-phishing-tricks\/9660\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/common-spear-phishing-tricks\/26000\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/common-spear-phishing-tricks\/23977\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/common-spear-phishing-tricks\/23663\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/common-spear-phishing-tricks\/26640\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/common-spear-phishing-tricks\/26235\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/common-spear-phishing-tricks\/32136\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/common-spear-phishing-tricks\/10399\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/common-spear-phishing-tricks\/43224\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/common-spear-phishing-tricks\/18339\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/common-spear-phishing-tricks\/18715\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/common-spear-phishing-tricks\/15642\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/common-spear-phishing-trick
s\/27911\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/common-spear-phishing-tricks\/27967\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/common-spear-phishing-tricks\/24715\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/common-spear-phishing-tricks\/30134\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/common-spear-phishing-tricks\/29925\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19273"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19273\/revisions"}],"predecessor-version":[{"id":19279,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19273\/revisions\/19279"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19280"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}