Spear phishing is something I blogged about in March. This is where individuals are targeted for phishing attacks. Last year experts said this would grow and now, several months later, the data confirms this.
In an article published today in ComputerWorld "Single-Victim Phishing Attacks Skyrocket", it says:
In a report issued Wednesday, MessageLabs Ltd. said it intercepted 716 messages from 249 targeted attacks last month; those attacks were aimed at 263 domains representing 216 customers.
Last year, said Alex Shipp, a MessageLabs research engineer, the company was seeing two a day on average. "Two years ago it was two attacks a week, last year two a day," he said.
The method of attack usually uses MS Office documents. According to the article "Most of the attacks rely on malformed Microsoft Office documents, in particular Word and PowerPoint files, said Shipp. "They're not just using one exploit, but several" in a single malicious file, he added. Together, Office attack documents made up 84 percent of March's detected one-offs."
So, if you're a medium to large scale enterprise, what can you do to prevent this?
Stronger authentication won't help prevent these attacks. Intrusion detection and AV solutions may miss the attack. Therefore, the best solution is to educate your users to not click on links in emails, instant messages or open document attachments which arrive unexpectedly.
If you don't then pray you're not on the pointy end of a spear phishing attack.