A recent report by McKinsey indicated that ‘spear phishing’ has increased seven-fold since the beginning of the COVID-19 pandemic.1 I’m sure that many of you have heard of phishing before but are unsure as to what spear phishing is and/or how it differs.
In a nutshell, it’s a more targeted version of phishing.
Source: APWG Phishing Activity Trends Reports, Q1 2020 – Q2 2022
As Pearl has grown, we’ve seen more and more spear phishing. While it’s impossible to completely eliminate this type of risk, we’re continuously expanding our arsenal of technical and administrative safeguards to decrease the frequency of, and response to, these types of attacks.
If you’ve made it this far, you’re probably wondering what all of this means, so let’s humanize this a bit.
SPF improves your email’s reputation by allowing you to cache a list of authorized IP addresses that are allowed to send emails from your domain. SPF is a protocol that adds information to the message envelope. The downfall with this is that mail servers can remove sections of the envelope when a message is forwarded, eliminating this form of protection.
DKIM allows senders to attach signatures to email headers and validate them using a public cryptographic key. It’s an email tagging system that does not filter or identify spam on but prevent spammers from modifying message source addresses.
DMARC assists mail systems in deciding what to do with messages sent from your domain that fail SPF or DKIM checks.
Security Awareness Training provides our staff with the knowledge needed to identify and report suspected phishing + spear phishing attacks.
Phishing Campaigns allow us to simulate attacks, and thus, put our staff’s knowledge to test and ensure we’re constantly trending in the right direction.