Spear phishing is now the main attack vector for cybercriminals, says Europol

Spear
phishing is the number one cyber-threat to organizations in the European Union,
according to the European Cybercrime Centre (EC3), a group of cybersecurity
experts set up by Europol to help fight cybercrime.

The finding is highlighted in the EC3’s “Spear Phishing: a Law Enforcement and Cross-Industry Perspective,” a strategic report reflecting the views of law enforcement and private entities on spear phishing.

The report, the
result of the EC3’s get-together with 70 key partners from industries like internet
security, telecoms and finance, offers recommendations and guidelines on how to
prevent, respond to, and investigate spear phishing attacks.

It also
outlines the main modi operandi criminals use to deceive the target (i.e. emails
from trusted accounts, malicious attachments or links to fraudulent websites)
and collects conclusions and recommendations for organizations on how to combat
this threat on the technical, educational and operational levels. Readers are
offered tips on enforcing security policies, implementing artificial
intelligence, and raising public awareness of spear phishing.

“Spear
phishing is a major enabler of some of the most serious forms of cybercrime,
especially ransomware, and can cause real harm to European citizens and
organisations,” said Steven Wilson, Head of Europol’s European Cybercrime
Centre. “We can only tackle a threat of this scale effectively by working
closely with key partners from across industry. The EC3 Advisory Groups and this
report are a reflection of our ongoing cooperation to tackle the threat from
cybercrime.”

A recent study by AIG, one of the world’s largest insurance companies, highlights Business Email Compromise as the new leading threat to businesses worldwide. BEC is a form of spear phishing also known as “whaling.” BEC operators prey on high-profile figures within a targeted organization, typically impersonating an executive and sending a convincing email to the department authorized to make money transfers.

BEC scams have so far netted over 12.5 billion dollars, according to the FBI’s own cyber-crime fighting group, the IC3. The Bureau recently dismantled one of the biggest international BEC operations, making 281 arrests across the United States, the United Kingdom, Italy, France, Turkey, Japan, Malaysia, Nigeria, Kenya, and Ghana.