Spear phishing describes the practice of targeting specific individuals within an organisation or business for the purposes of distributing malware or extracting sensitive information. As reflected in this year’s Internet Organised Crime Threat Assessment (IOCTA), spear phishing is the number one attack vector and enabler for the vast majority of cybercrime.
The report is the result of a two-day meeting with the European Cybercrime Centre’s 70 key industry partners from internet security, telecommunications and financial services. The Joint Advisory Group Meeting gathered representatives from industry and law enforcement at Europol’s headquarters in The Hague to discuss what can be done to help mitigate this type of crime.
The report highlights the role of spear phishing as the main attack vector for cybercriminals and contains the definition of the main modi operandi that criminals use to deceive the target (among others, emails coming from trusted accounts, malicious attachments or links to fraudulent websites).
Moreover, the document collects conclusions and recommendations for organizations on how to effectively combat this threat on a technical, educational, as well as operational level –enforcing security policies, implementing artificial intelligence and a raising public awareness on the topic.
At the same time, the report highlights some of the challenges related to information-sharing and the investigation of spear phishing attacks. A collaboration effort with law enforcement and the private sector should be done collectively.
Steven Wilson, Head of Europol’s European Cybercrime Centre said: “Spear phishing is a major enabler of some of the most serious forms of cybercrime, especially ransomware, and can cause real harm to European citizens and organizations.
“We can only tackle a threat of this scale effectively by working closely with key partners from across industry. The EC3 Advisory Groups and this report are a reflection of our ongoing cooperation to tackle the threat from cybercrime.”