Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Business > PREVENT SPEAR PHISHING ATTACKS WITH IMPROVED EMAIL SECURITY

PREVENT SPEAR PHISHING ATTACKS WITH IMPROVED EMAIL SECURITY

Published by Gbaf News

Posted on July 1, 2015

4 min read

Last updated: January 22, 2026

Conceptual image representing email security measures against spear phishing attacks - Global Banking & Finance Review — This image illustrates the critical need for improved email security measures to combat spear phishing attacks, a common threat in the banking sector. It emphasizes the importance of advanced defenses to protect sensitive information.

By Mike Spykerman, VP at OPSWAT

Most hacks and data breaches start with a spear phishing attack that installs malware onto the system and then provides an entry point for hackers. Recent high profile data breaches, including those suffered by Target, Anthem, Sony and even the White House, all started with a spear phishing attack. A spear phishing attack is a carefully crafted email targeted at specific individuals within an organisation that is engineered to look legitimate and fool even the most tech-savvy users. The email will usually have a malicious attachment or link that installs malware in order to attempt to gain system access.

Why are these spear phishing attacks so successful, time and time again? Why are large organisations unable to protect themselves against these attacks? The reason is because the attackers are highly skilled at crafting legitimate looking emails that are only sent to a small number of individuals, and are therefore not detected by regular spam filters. Also, many spear phishing attacks make use of unknown threats or zero-day vulnerabilities that not all anti-malware engines will be able to detect.

Beef Up Your Email Security

To protect against spear phishing attacks, companies must improve their email security defences so that more spear phishing emails will be detected and stopped. Traditional email security products are typically not equipped to detect and block spear phishing attacks. Most spam filtering products rely on prior detection and black lists in order to flag an email as spam. Since spear phishing emails are sent to only a small number of recipients, and sometimes use hacked email accounts, it is nearly impossible for an automated spam filter to distinguish these emails from legitimate ones. Using only one anti-malware engine to check for email threats will not provide enough protection against spear phishing attacks, since they often use unknown malware or try to bypass specific engines. Therefore, a more advanced approach is needed. Below are three methods that will greatly strengthen your email security defences against spear phishing:

#1 – Use Multi Anti-Malware Scanning:
Through the use of multi-scanning with multiple anti-malware engines, malware detection rates are significantly increased. Multi-scanning leverages the power of the different detection algorithms and heuristics of multiple engines, therefore increasing detection of both known and unknown threats, as well as protecting against attacks designed to circumvent particular antivirus engines. In addition, since anti-malware vendors address different threats at different times, using multiple scan engines will help detect new outbreaks much faster. It is important to distinguish between multi-scanning and simply using multiple antivirus engines. When using multi-scanning technology, performance is greatly enhanced and potential conflicts between different engines are avoided.

#2 – Sanitize Email Attachments:
As a precautionary measure, it is highly recommended to change the format of incoming email attachments in order to remove any possible embedded threats that may go undetected by antivirus engines. Many spear phishing emails include malicious Word or PDF attachments. By changing the format of a Word document to PDF and vice versa, scripts and other possible threats are automatically removed.

#3 – Limit Email Attachment Types:
By blocking potentially dangerous email attachment types such as .exe files and scripts, it is more difficult for malware to spread. It is also important to verify the attachment file type, so that .exe files that are renamed as .txt files do not get through the company’s filters.

In addition to improving your email security measures, you must also make sure that your employees are aware of possible spear phishing attacks. A warned employee might be able to spot that something is out of the ordinary. Finally, if you make sure that your data is segregated and encrypted, even if the attackers get an employee to click on a malicious email attachment, data encryption, and segregation can ensure that your data is still safe, regardless of the intrusion.