Threats and Trends in Spear Phishing

Threats and Trends in Spear Phishing


Barracuda, a leading provider of data protection including email security solutions, recently released its Spear Phishing: Top Threats and Trends report which outlines the most common threats coming from email and what is trending in terms of cybercriminals’ efforts to compromise your email.

Some highlights from the report include;

Spear Phishing is a highly, personal email attack which is gaining in popularity with cybercriminals by impersonating a website, business or personal colleague to steal sensitive information such as credentials or financial information so they can commit fraud, identity theft or other crimes.

After reviewing over 360,000 spear phishing emails in a three-month period, Barracuda identified the top three threats and some trends related to how cybercriminals are perfecting their attacks.

Top 3 Threats

  1. Brand Impersonation – these attacks are designed to impersonate both well-known companies and business applications. They primarily attempt to harvest credentials (username and passwords) to then create fraud using personably identifiable information like credit card and social security numbers.
    • 83% of attacks overall are brand impersonation
    • 1 in 5 of brand impersonation attacks involve impersonation of a financial institution.
    • Attackers use compromised email accounts. Since the fraudulent email is coming from a legitimate sender, i.e. a real company, it usually bypasses both SPAM filtering and firewall protection.
    • Top 5 Impersonated Brands; Microsoft, Apple, DocuSign, Chase Bank and UPS
  2. Blackmail – most of these attacks encompass sextortion which includes claiming a compromising video, images or other content recorded on the victim’s computer with the threat of revealing the content to the email contacts.
    • 10% of attacks overall are blackmail
    • Attackers use usernames and passwords stolen in data breaches and send threatening emails often via the users spoofed email to request a bitcoin payment.
    • Top 3 Subject lines include; Security Alert, Change Password and Other along with the user’s email address and password.
  3. Business email compromise – often called CEO fraud, whale phishing and banking fraud, these attacks use impersonation of an executive, partner or a trusted individual in the company’s finance accounting department requesting either banking transactions or personally-identifiable information to commit fraud.
    • 6% of attacks overall are business email compromise
    • $12.5 billion in losses since 2013
    • Attackers establish rapport or a sense of urgency or that the topic has been previously discussed.
    • Both domain and display-name spoofing are used to make compromise more likely.
    • Top 2 domains used to send emails include and
    • Top subject lines include; Request, Follow Up, Urgent/Important, Are you at your desk?

Best Practices Around Prevention

The top best practices to prevent the chance of falling victim of spear-phishing include both technology and training options.

Technology options include multi-factor authentication to lower the chance of email accounts being compromised. Multi-factor authentication requires not only a username and password for access but a secondary confirmation of identity including a texted pin or a pin from an authentication application. A second technology to implement is DMARC (Domain Message Authentication Reporting and Conformance) which allows for a receiver of an email to disposition it based on some checks in terms of sender authenticity. A final technology to implement is data-loss prevention to restrict the sending of sensitive information are encrypted or blocked to not leave the company.

Training users about spear-phishing as part of an overall security-awareness training is a solid start. At a minimum, users should be aware of the top three types of attacks and recognize the senders and platforms that attacks are launched from as well as how to keep their email account secure from being hijacked. Additional training on company policies regarding email use and content can limit the chance of sensitive information being sent outside your company.

To read the entire Barracuda Spear Phishing: Top Threats and Trends or learn more about this topic you can contact Tower 23 IT.

Scott Cooper is the President of Tower 23 IT, an IT outsource solution for small to medium businesses specializing in protecting client health and financial data to meet privacy, compliance and security requirements in the healthcare, legal, financial, real estate and insurance industries. Scott can be reached at or 858.877.6219.