When Spear Phishing met Mass Phishing: Attackers Starting to use Spear Phishing Tactics in Bulk Phishing Campaigns

August 12, 2024

Analysts typically distinguish between large scale, low effort generic social engineering attacks, bulk phishing, and highly calibrated, high effort social engineering targeting a much smaller individual or class of individuals, spear phishing. However, newer phishing campaigns blur the line between the two.

Normally, the high level of targeting used by a spear phishing attack is time-consuming to develop and not necessarily rewarding, but some campaigns have begun to employ elements of spear phishing in mass phishing campaigns in surprisingly effective ways. Some of these campaigns, like one observed in late 2023, targeted employees of particular companies with high quality spoofed details that imitated HR notifications.

This is normally seen in spear phishing, but in this case it was employed on a much larger scale than typical spear phishing. When accessed, the highly targeted message led to a fake Outlook sign-in page that was not targeted at all, a usual sign of bulk phishing. Attacks of this nature have become increasingly common since then, with over one hundred thousand different mixed-phishing emails having been detected between March and May of 2024 alone.

This may signify a major sea change in how phishing campaigns are run.

More from Blackwired

December 16, 2024

CISOs need to consider the personal risks associated with their role

CISOs face personal liability for cybersecurity incidents, boosting accountability but increasing stress and deterring professionals.

Read more
December 9, 2024

The Shocking Speed of AWS Key Exploitation

AWS keys exposed online are exploited in minutes, highlighting the need for faster detection and response to prevent breaches.

Read more
December 2, 2024

Advanced Cyberthreats Targeting Holiday Shoppers

The holiday season sees increased e-commerce scams, with AI-driven phishing, fake sites, and data theft targeting consumers and businesses.

Read more