Spear Phishing Trends and How to Protect Your Organization

Phishing attacks are not new in the cyber world. Anyone with an email account has encountered one at some point. Yet this cyber security threat has never gone out of style and is still very much present. The reason it persists is simple: it still works and it is profitable. Some recent studies show that a spear phishing technique can cost a company $5 billion.

As the provider of the best Cybersecurity Services Hong Kong, we have been working on preventing phishing attacks against organizations for quite a long time. We have prepared this post to make organizations aware of spear phishing and to explain how to stay protected against it.

What is a Spear Phishing attack and how does it differ from normal phishing attacks?


A phishing attack works by sending spam emails containing malicious links to someone's email account. Attackers gain important information through these links. This information may include your personal details, images, and even bank account or credit card information.

Spear phishing emails are crafted to look more genuine to end users. An email may look as if someone you already know has sent it, asking for some information. It can carry the logo of an organization or bank and a link to upgrade your account information, or appear to come from human resources staff asking for employee details to update their system, and so on. A study says that at least 1 in 5 employees clicks on these kinds of links.

Spear phishing attacks target a specific audience to gain information, which can lead to the compromise of financial or other highly secure information about the organization they work for.

Phishing Trends – Where Are Phishing Attacks Heading?

According to PhishLabs intelligence reports from 2017 and some other phishing trends reports, here are some of the spear phishing trends that were found.

  • Phishing sites reside on more than 17000 unique domains, a rise of 23%.
  • Phishing volume has grown by more than 33% all over the world.
  • Asian countries are the new favorites of phishing attackers.
  • Small businesses, startups, critical infrastructure, small financial organizations, the education sector and the healthcare domain are targets of phishing attacks, as they may not have strong security plans implemented.
  • More than 30% of phishing kits identified are being used to evade detection.

How to protect your organization from spear phishing threats?

The bad news is that the smarter technology becomes, the bolder these threats grow. Attackers do not target the whole organization but focus on a limited number of employees. Still, you can protect your organization from such threats if a good plan is in place. Here are some ways to prevent spear phishing attacks in your organization.


1. An anti-phishing technique that works across vectors: Organizations have to become smarter and implement advanced techniques to prevent cyber criminals from getting their information by targeting different communication vectors such as email and networks. Businesses can discover a real-time web-based attack and then trace it back to the email that initiated it. It can also be determined whether other vectors were used or affected in the attack. All of this analysis helps to build a plan to stop the attackers by blocking their domains, IP addresses, MAC addresses, etc. across vectors.

2. The next step is to find out whether your customers and their systems are being phished. Spear phishing attacks can target your customers, their databases and their information using data phished from your organization. An important step is to educate your customers about the threats so that their systems are not attacked.

3. Check and evaluate your online interactions through email. If most emails contain sensitive information, you need to encrypt all information sent through email. This applies not only to emails but also to cloud storage, physical hard drives, any other online communication, passwords, internet activity, external storage and any files that contain sensitive information. Encrypt all of them while online.

4. Make DMARC your best friend. DMARC stands for Domain-based Message Authentication, Reporting and Conformance, a standard for checking and verifying the authenticity of email communications. It determines whether an email has come from an authentic source. With it, you can block or reject emails from domains that do not match your organization's authentication.

5. Educate your employees about the potential threats and the losses they can cause, and tell them not to click on any phishy emails or send any kind of data without confirmation.

6. Implement strong protection and authentication techniques in your organization. Multiple layers of authentication can help combat cyber attackers.

7. Accepting email only from specific domains and implementing proper email filtering techniques are helpful ways for a business to protect itself from spear phishing attacks.
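
To illustrate item 4, the following added example (not code from this post; the function names, domains and records are constructed for illustration) audits a DMARC record for settings that still let spoofed mail through and applies DMARC's alignment rule to one message. It assumes the organizational domain is the last two labels, where a production check would use the Public Suffix List.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lowercase tags."""
    if not txt.strip().startswith("v=DMARC1"):
        raise ValueError("not a DMARC1 record")
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_policy(txt):
    """List settings that still let mail failing DMARC reach the inbox."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "none").lower()
    findings = []
    if policy == "none":
        findings.append("p=none: failing mail is only reported, not blocked")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct<100: policy covers only part of failing mail")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains can still be spoofed")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports on who sends as you")
    return findings

def org_domain(domain):
    # Assumption: last two labels; real checks use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    if mode == "s":  # strict: exact match
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)  # relaxed

def disposition(from_domain, spf, dkim, tags):
    """spf and dkim are (result, authenticated_domain) pairs.
    DMARC passes when either check passes AND aligns with the From: domain."""
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else tags.get("p", "none").lower()

# Constructed sample records and one constructed message.
WEAK = "v=DMARC1; p=none; pct=50"
STRONG = "v=DMARC1; p=reject; aspf=s; rua=mailto:dmarc-reports@example.com"
# From: ceo@example.com, but SPF passed for an unrelated envelope domain.
SPOOFED = ("example.com", ("pass", "bulk.example.net"), ("none", ""))

if __name__ == "__main__":
    for record in (WEAK, STRONG):
        print(record, audit_policy(record), disposition(*SPOOFED, parse_dmarc(record)))
```

The same spoofed message is delivered under the weak record and rejected under the strong one, even though SPF reported "pass" in both cases, because the authenticated domain does not align with the visible From: domain.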