Countless individuals and organizations have unwittingly wired money, sent W2s, and emailed credentials to cyber criminals who were impersonating their boss, colleague, or a trusted customer. Spear phishing attacks can have devastating results for individuals, businesses, and brands, and unfortunately, they work because they are so simple and believable. A successful attack doesn’t require advanced hacking techniques, but rather gathering information about you that’s already posted online and spending five minutes to write a well-crafted email. The attackers can pick up information about their targets from a variety of sources: whether it’s posted on LinkedIn, Facebook, or on the company blog.
Spear phishing is something we’ve become very familiar with at Barracuda, as we have over a decade-long history of studying email-borne threats and the overall cyber threat landscape. Over the last year, we have spent a lot of time researching and analyzing highly-personalized spear phishing attacks.
This led us to build Barracuda Sentinel — the first comprehensive AI solution for real-time spear phishing and cyber fraud defense. In this month’s Threat Spotlight, we take a look at two recent spear phishing attacks that were caught by Barracuda Sentinel, and demonstrate how simple these attacks are to orchestrate.