Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons. This is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging. This is the most successful form of acquiring confidential information on the internet.
Due to spear phishing incident, the city of Naples, Florida now has $700K less in its bank account. According to the Insurance Journal:
Officials in the southwest Florida city of Naples say they lost $700,000 in a recent cyberattack.
The Naples Daily News reports that the attack was a “spear phishing” effort targeting a specific person or department and that appeared to be from a trusted source.
Authorities say the money was paid to a fake bank account the attacker provided while posing as a representative from the Wright Construction Group, which was doing infrastructure work in downtown Naples.
Part of preparing any cyber insurance policy for an organization like the City of Naples would ensure that any transaction over $25K requires dual signatures - to make sure attacks like this have a much smaller chance of success.