spear phishing threats represented by a cartoon burglar with a spear in a canoe

by Kevin Lancaster

Dark Web data dumps are powering today’s sophisticated spear phishing threats, enabling them to fool even savvy employees. 

Today’s biggest threat is phishing. Phishing through social engineering, messaging, and social media is growing, as is whaling. But the most dangerous threats that most companies face today come in the form of spear phishing attacks. These multipurpose attacks are used to deliver ransomware, score passwords, and cause cybersecurity trouble at companies of every size – and Dark Web data dumps are empowering spear phishing threats to become even harder for staffers to resist. 

How Big is the Risk? 

These 5 facts about spear phishing threats in the post-pandemic world illustrate how dangerous this threat is in 2020.

Fresh Phish, how not to become part of the 2020 phishing boom in gold on a blue, watery background.

Download our NEW eBook “Fresh Phish: How to Not Become the Catch of the Day in the 2020 Phishing Boom” NOW>>

How it Works 

A recent spear phishing attempt against customers of Lloyd’s Bank illustrated how the nature of these attacks makes them harder for people to resist. In that scenario, customers received both an email and a text message warning that an unauthorized device had attempted to log in to their accounts. Customers were instructed to go to a special site to reset their password, but it really captured their information and gave cybercriminals access to their accounts.

The email, text message, and website were carefully branded and designed to look like a real communication from Lloyd’s Bank, and the 1 –2 punch of the email and text message fooled some customers into believing the lie. The bank was able to get warnings out about the scam, and the messages contained small errors that set off red flags for vigilant users, but the damage was done.

Most of these attacks are powered by the massive amount of leaked data that’s available on the Dark Web. Cybercriminals can make use of more than just stolen credential and credit card information to fuel cybercrime. You don’t even have to do it yourself: cybercrime as a service is a growing industry.

Personal data about millions of people have been stolen as well from social media breaches and other cyberattacks including passwords that are often shared and information about hobbies, interests, organizations, charities, pets, shopping patterns, and other lifestyle details – and it’s all used for cybercrime.

How to Defend Your Business 

Give your staffers the tools and training that they need to be your strongest line of defense against phishing-related threats like ransomware. The combined power of Graphus and BullPhish ID helps your business avoid spear phishing pitfalls and stay safe from cybercrime. Here’s how:

Get Graphus 

The best way to prevent a staffer from making that fatal click on a phishing email that unleashes a cyberattack nightmare is by preventing it from ever reaching them with a dynamic automated phishing defense powered by a smart AI that evolves with each business to grow with them.

Graphus puts 3 layers of security between a phishing email and your business:  

  • TrustGraph® automatically detects and quarantines dangerous emails that get through email platform security or an existing Secure Email Gateway (SEG).
  • EmployeeShield® adds an interactive warning banner to questionable messages, alerting intended recipients to quarantine it or mark it as safe with one click. 
  • Phish911™ empowers employees to bolster email security by enabling them to quarantine suspicious messages for IT to investigate. 

Graphus seamlessly integrates with O365 and G Suite to provide fast, cost-effective, set-it-and-forget-it protection against phishing that evolves to grow with every unique business automatically.

Graphus can also give you valuable threat intelligence to give you an edge against phishing attacks and guard against a data breach by showing you your risk picture through the Graphus Insight Dashboard when you choose to activate the extended reporting option. It’s one of the most popular features.  

Get BullPhish ID 

BullPhish ID and Graphus seamlessly integrate, working hand in hand to transform your staff from your largest attack surface into your largest defensive asset. Users who are regularly trained to resist phishing threats will be more likely to notice suspicious communications of any type, and more likely to use the Phish911 feature of Graphus to report potentially dangerous messages.

  • Regular security awareness training can reduce your incident risk by up to 70%.  
  • We add 4 new plug-and-play phishing resistance training kits (including video lessons) to BullPhish ID every moth to keep staffers up to date on the latest threats. 
  • Easy remote management including online testing enables companies to quickly and accurately find out who needs more help and train accordingly. 

Give Phishing the 1 – 2 Punch

Fighting back against spear phishing isn’t complicated. With the combination of state-of-the-art phishing resistance training provided by BullPhish ID and innovative automated phishing defense using a smart AI from Graphus, you can feel more certain that your company is protected from today’s most devastating threats.


Share This Post!