What is Spear Phishing?

Spear phishing is a technique of sending targeted and carefully crafted emails to victims in order to deliver malware or another kind of attack. With spear phishing links, the malware is delivered through a website with the URL in the email.

Protecting Against Spear Phishing Attacks

The majority of spear phishing attacks now use links to malware rather than delivering the file directly in the email itself. Corporate mail servers are a perfect spot to screen incoming emails for any kind of risky content. On the other hand, it is very difficult to automatically test links for safety.

Once clicked, the link causes the browser to initiate an attack against itself quickly compromising the user’s computer. Browsers contain a seemingly endless supply of vulnerabilities for attackers to use in compromising business networks.

Passages takes a three pronged approach to protecting users against spear phishing links:

The Passages Virtual Machine contains any attack. It prevents all unwanted communication between the local machine and the virtual environment. Any malware is prevented from infecting or impacting the host computer, and at the end of the session it is all completely destroyed.

The Passages Virtual Private Network then takes the isolation to the next level by segregating all network traffic from the browser away from the physical local network. It ensures that neither the browser, nor any downloaded malware, can see or attack other devices on the local network. These include vulnerable devices like network printers and valuable devices like domain servers and databases.

Finally, Safehold allows users to access files they want without allowing unintentional (drive-by) or malicious downloads. All files downloaded from the web end up in the Safehold server, where they are automatically checked by multiple best of class malware scanners. Only files that test as safe are made available to the user, who manually initiates the download. It is impossible for linked malware files to accidentally end up on the user’s computer.