Spear-Phishing Highly Likely to Increase Through 2017
Max Kobrak – Cyber Technology and Security Correspondent
17 September 2016
The demographics of phishing scams are shifting to favor more sophisticated spear-phishing attacks. Since spear-phishing is tailored to a specific target, it is harder to detect and is often more successful; especially when the target is a small business. It is highly likely that spear-phishing attempts will continue to increase through 2017 despite a substantial decline in overall phishing activities worldwide.
Phishing is the use of deception to acquire sensitive information.[i] Although dozens of phishing types exist, the use of fake emails, texts, and instant messages to acquire personal information is the most common form.[ii] Spear-phishing attempts to make the fake message appear more legitimate by designing it for a specific organization. If phishing is successful, the target will be tricked into either, sending money or information to a fake account, or downloading malware which is used to access the organization’s network remotely.
Cyber criminals use spear-phishing for a variety of reasons. First, they may want to steal the organization’s data and sell it on the black market.[iii] Second, they want to hold an organization’s data ransom. Holding the data ransom is often more profitable because the data is usually worth more to the organization than any potential buyers. Ransomware put almost all organizations at risk, since criminals no longer have to target the ones with valuable data. Finally, the criminals may target a small business to access backdoor into a larger organization.[iv] Small businesses are increasingly popular targets because they often devote less time and resources to cyber security.[v]
The frequency of phishing scams has drastically declined in the past five years. According to Financial Fraud Action (FFA), a UK-based nonprofit, the number of phishing sites it recorded decreased from over a quarter million in 2012 to 16,462 in 2015.[vi] Symantec’s 2016 Internet Security Threat Report also found that the total amount of phishing attempts worldwide is declining, however, spear-phishing has substantially increased.[vii] Between 2014 and 2015, the number of victims who opened a phishing email rose from 23% to 30%.[viii] It is highly likely there is a direct correlation between the decrease in phishing attempts and the increase in phishing success rates. It is also highly likely that spear-phishing attempts will increase through 2017 due to the success of previous activities.
Analytic confidence for this assessment is high. The analyst used analysis of competing hypothesis. Source reliability is high, most sources corroborated each other. The analyst’s expertise is low and the analyst worked alone with slight discussion with teammates. Subject complexity is moderate and the time available for the task was sufficient.