Spear phishing is now the main attack vector for cybercriminals, says Europol

Spear phishing is the number one cyber-threat to organizations in the European Union, according to the European Cybercrime Centre (EC3), a group of cybersecurity experts set up by Europol to help fight cybercrime.

The finding is highlighted in the EC3’s “Spear Phishing: a Law Enforcement and Cross-Industry Perspective,” a strategic report reflecting the views of law enforcement and private entities on spear phishing.

The report, the result of the EC3’s get-together with 70 key partners from industries like internet security, telecoms and finance, offers recommendations and guidelines on how to prevent, respond to, and investigate spear phishing attacks.

It also outlines the main modi operandi criminals use to deceive the target (i.e. emails from trusted accounts, malicious attachments or links to fraudulent websites) and collects conclusions and recommendations for organizations on how to combat this threat on the technical, educational and operational levels. Readers are offered tips on enforcing security policies, implementing artificial intelligence, and raising public awareness of spear phishing.

“Spear phishing is a major enabler of some of the most serious forms of cybercrime, especially ransomware, and can cause real harm to European citizens and organisations,” said Steven Wilson, Head of Europol’s European Cybercrime Centre. “We can only tackle a threat of this scale effectively by working closely with key partners from across industry. The EC3 Advisory Groups and this report are a reflection of our ongoing cooperation to tackle the threat from cybercrime.”

A recent study by AIG, one of the world’s largest insurance companies, highlights Business Email Compromise as the new leading threat to businesses worldwide. BEC is a form of spear phishing also known as “whaling.” BEC operators prey on high-profile figures within a targeted organization, typically impersonating an executive and sending a convincing email to the department authorized to make money transfers.

BEC scams have so far netted over 12.5 billion dollars, according to the FBI’s own cyber-crime fighting group, the IC3. The Bureau recently dismantled one of the biggest international BEC operations, making 281 arrests across the United States, the United Kingdom, Italy, France, Turkey, Japan, Malaysia, Nigeria, Kenya, and Ghana.