By now, most of our customers and readers of our blog know what phishing is. Spear phishing, however, refers to the technique of sending specially crafted emails to specific email users. Over the last few months (and years) these techniques have gotten more sophisticated and malicious actors having seen greater degrees of success using them. As a hoster of 1000’s of exchange mailboxes, we see many different types of attacks, the vectors they choose, and when they succeed and fail.

The anatomy of a spear phishing attack

Many of the spear phishing attacks we’ve observed have two common elements: an understanding of the corporate structure of their target and familiarity with how the organization uses email.

Email Structure

Between LinkedIn, whois, press releases, and the about us page on your website, an attacker can easily find your executives, board members, and other leaders of your organization. I’d high encourage everyone to check a whois website (like who.is) and run your domain through it.

continue reading »