It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks, such as executive or brand impersonation.
Spear phishing is more focused than normal phishing. To protect against this type of phishing, your entire company will need to be educated and protected.
What is a typical spear phishing attempt?
A typical spear phishing attempt is a fraudulent personalized email that is usually sent with an attachment or requests a response. The fraudster then tries to entice the recipient to open the infected attachment or respond with personal information.
Phishing attacks are all too common and can make a company lose millions of dollars. To protect against this scam, a company must have the right protocols and software in place.
What is a phishing attack?
A phishing attack is a social engineering attack, where an attacker mimics a trusted company or person to steal private information such as login or financial data. These attacks usually come as an email, text message or phone call.
“Whaling” phishing fraud attacks target the C-suite of a company, which creates a high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible.
Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves often pretend to be C-suite executives in emails to colleagues asking for personal or company information.
If you want to know why business email compromise (BEC) and other advanced email attacks keep working so well, just ask Dilbert.
In one particularly biting installment of Scott Adams' popular workplace comic strip, our tech geek hero sits in his cubicle perusing an email that reads, "Enter your bank account number." Dilbert's thought bubble reads "Scam."
Quick cut to engineer Alice. Same email, same thought bubble: "Scam." One last cut, this time to Pointy-haired Boss as he too reads, "Enter your bank account number."
Awareness. Detection. Containment. Remediation. All necessary steps in the phishing incident response process for SOC analysts. Unfortunately, each of these steps takes time, and that time comes at a cost.
At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and, like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent.
A good example of a sophisticated attack and one that we address in the Agari Fall’19 release is the use of email with voice message attachments to execute phishing schemes.
The 250% increase in business email compromise (BEC) scams over the past year should concern every organization, as should estimates of $26 billion in losses over the last five years from these attacks.
The recent Internet Crime Report from the FBI showcasing the growth of business email compromise (BEC) from a $700 million problem to a $1.3 billion problem over the course of only one year was certainly alarming. It showcases just how much cybercrime is growing, despite increased defenses across organizations worldwide.
Cybercriminals increasingly use new forms of identity deception to launch an email attack to target your weakest link: humans.
Call it a case of locking the back window while leaving the front door wide open. Throughout the last year, a number of reports have surfaced about sophisticated cyberattacks that are proving all too successful at circumventing the elaborate defenses erected against them.