
How Spear Phishing Detection Works: Lessons from UC Berkeley Research

Spear phishing, a targeted variant of email scams, has surged since 2015, inflicting massive financial losses on businesses and siphoning millions from the global economy through sophisticated hacker attacks.

Its growing prominence led Facebook to award its 2017 Internet Defense Prize on August 18 to University of California, Berkeley researchers for developing an automated spear phishing detection system. They've shared a detailed paper outlining effective detection strategies for corporate environments.

What Makes Spear Phishing Such a Threat?


While spear phishing emails appear highly legitimate compared to broad 'lottery' scams, they still betray subtle flaws. Detection relies on heuristic analysis of emails sent to and from the target, identifying anomalies in message bodies and headers.

For instance, if a trusted U.S.-based contact suddenly emails from Nigeria, that's a red flag. The Directed Anomaly Scoring (DAS) algorithm scrutinizes the email content for suspicious elements, such as links that no other employee has visited or URLs with a low reputation.

Most attackers spoof only the sender's name, not the address, so DAS cross-references names against recent email history. Mismatches trigger alerts.

In essence, DAS evaluates email content, headers, and corporate LDAP logs to distinguish spear phishing from legitimate oddities. In tests across 370 million emails, it caught 17 of 19 attacks with a mere 0.004% false positive rate—impressive results.
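As an added illustration (not the page's or the Berkeley paper's own code), here is the directed scoring idea applied to a handful of constructed events with hypothetical feature names: an email's score is the number of other emails it is at least as suspicious as on every feature, so a single odd feature on an otherwise ordinary message does not by itself push it to the top of the alert list.

```python
from dataclasses import dataclass

# Constructed sample events, not drawn from any real corpus. Every feature is
# oriented so that LOWER means MORE suspicious (fewer prior clicks, younger
# domain, shorter sender name/address history). Feature names are hypothetical.
@dataclass(frozen=True)
class Event:
    msg_id: str
    prior_visits: int      # other employees who visited the link before this click
    domain_age_days: int   # days since the link's domain was first seen in org traffic
    name_addr_days: int    # days the From: display name has been paired with this address

FEATURES = ("prior_visits", "domain_age_days", "name_addr_days")

def dominates(a: Event, b: Event) -> bool:
    """True if event a is at least as suspicious as event b on EVERY feature."""
    return all(getattr(a, f) <= getattr(b, f) for f in FEATURES)

def das_scores(events):
    """Directed Anomaly Scoring: each event's score is the number of other
    events it dominates, i.e. that are at least as benign in all dimensions."""
    return {e.msg_id: sum(1 for o in events if o is not e and dominates(e, o))
            for e in events}

def rank_alerts(events, budget):
    """Return the msg_ids of the `budget` highest-scoring events (the alert list)."""
    scores = das_scores(events)
    ranked = sorted(events, key=lambda e: scores[e.msg_id], reverse=True)
    return [e.msg_id for e in ranked[:budget]]

SAMPLE = [
    Event("m1", prior_visits=1200, domain_age_days=900, name_addr_days=400),  # routine mail
    Event("m2", prior_visits=0, domain_age_days=0, name_addr_days=0),         # unseen link, new name/addr pair
    Event("m3", prior_visits=5, domain_age_days=30, name_addr_days=2),
    Event("m4", prior_visits=0, domain_age_days=700, name_addr_days=400),     # fresh link, long-trusted sender
    Event("m5", prior_visits=300, domain_age_days=10, name_addr_days=200),
]

if __name__ == "__main__":
    for msg_id, score in das_scores(SAMPLE).items():
        print(msg_id, score)
    print("alerts:", rank_alerts(SAMPLE, 1))
```

With these inputs m2 dominates every other event and is the only alert under a budget of one, while m4, whose link nobody has clicked but whose sender is well established, scores no higher than the middling m3 and m5: one extreme feature alone does not make an event dominate the rest.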

One lingering question: Do enterprise email scanners infringe on privacy, even when limited to fraud detection? Share your thoughts in the comments!