As techtarget.com puts it :
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain
How is this done
We have seen a few cases of this usually in the following order :
1) Attacker uses publically available resources e.g. Social Sites , company websites to get a name and email for a financial controller as well as the managing director of the company
2) Attacker uses a third party email server to fake firstname.lastname@example.org email and sends the below email to email@example.com. Attacker could also try emailing from firstname.lastname@example.org ( notice the ltd the end! )
I'm in the middle of a meeting , not available on the cell phone , but need this actioned NOW please transfer $$$$$ to this bank account let me know when done
Attacker also tries to send emails to financecontrollername saying 'Hey are you there ?'
3) financecontrollername sends the money and emails managingdirectorname when done , only to find out managingdirectorname never asked for this transfer
How to protect yourself from this
1) Careful what information you have publically available such as emails as it can be used against you. Also be careful emailing people you don't know , the attacker copies your signature to validate the email as best as possible
2) Get your IT provider to use SPF Records along with DKIM records to either put all the emails from your organisation that are from unknown senders into SPAM , or mark the Subject as SPAM so the end user knows to be wary. This can be done with Spam Filters and Exchange
3) Financial Controllers should always speak to MD's when unsure of moving money around , better to be safe than sorry as they say!
If you have already been effected
Speak to your local Police by dialling 101, and report it.
Speak to your bank, there is a 24 hour window where bank transfers can be halted, speak to them as soon as possible