Spear Phishing - Don't Take the Bait! - GroupOne Consulting, Inc.

April 8th, 2016 / Blogs


Group One uses state-of-the-art technology to protect our clients from malicious attacks from the outside.But there is one thing that is almost impossible to protect against: end users clicking on a spear phishing attachment and invitinga virus onto their PC — and thereby — into the company network.

Spear Phishing Attacks

One technique hackers use is called “spear phishing”. Essentially, spear phishing attempts are directed at specific individuals or companies.Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.

For example, one of our clients listedtheir email addresses on their website.A hacker then gathered all the emails from their website and crafted the below message:

Spear Phishing

Good News

Before it could spread into the network beyond the one user’s workstation, Group One IT’s protection systems shut the Crypto Virusdown.

This could have been very bad. This was a version of the “Cryptolocker” ransomware virus similar to the onethat recently infected a hospital in southern California. If this virus brought an entire hospital to a grinding halt, think of what it could do to your organization.


We were able to restore the user’s data back to the most recent backup. He was up and running again in less than two hours, and he only lost a few hours of work. A few hours. Consider that viruses just like this one have been known to take down entire organizations — not for hours, or days or even weeks —permanently. When an effective ransomware spear phishing virus is completely successful and wipes out anentire database, many companies are simply unable to recover and ultimately close their doors.

Moralof the Story:

Don’t click on attachments without knowing that the sender is legit.

Written by Chris Wiegman